CERTFR-2022-AVI-1014

Vulnerability from certfr_avis - Published: 2022-11-09 - Updated: 2022-11-09

De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Microsoft Azure Azure EFLOW
Microsoft Azure Azure CycleCloud 7
Microsoft Azure Azure RTOS GUIX Studio
Microsoft Azure Windows Server 2022 Datacenter: Azure Edition (Hotpatch)
Microsoft Azure Azure CycleCloud 8
Microsoft Azure Azure CLI
References
Bulletin de sécurité Microsoft du 08 novembre 2022 None vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-41045 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41090 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-37992 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41057 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41058 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41047 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41055 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41054 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41039 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41051 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41053 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41097 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41085 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41073 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41125 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-38014 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41056 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41100 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-39327 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41088 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41086 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41049 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-38015 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41048 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41050 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41102 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41098 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41114 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41092 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41101 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41093 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41109 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41113 du 08 novembre 2022 - other
Bulletin de sécurité Microsoft CVE-2022-41091 du 08 novembre 2022 - other

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Azure EFLOW",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 7",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure RTOS GUIX Studio",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 Datacenter: Azure Edition (Hotpatch)",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CLI",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-38014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38014"
    },
    {
      "name": "CVE-2022-41039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41039"
    },
    {
      "name": "CVE-2022-41086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41086"
    },
    {
      "name": "CVE-2022-41056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41056"
    },
    {
      "name": "CVE-2022-41045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41045"
    },
    {
      "name": "CVE-2022-41057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41057"
    },
    {
      "name": "CVE-2022-41058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41058"
    },
    {
      "name": "CVE-2022-41054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41054"
    },
    {
      "name": "CVE-2022-41053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41053"
    },
    {
      "name": "CVE-2022-41109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41109"
    },
    {
      "name": "CVE-2022-41048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41048"
    },
    {
      "name": "CVE-2022-41090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41090"
    },
    {
      "name": "CVE-2022-41085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41085"
    },
    {
      "name": "CVE-2022-41049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41049"
    },
    {
      "name": "CVE-2022-41091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41091"
    },
    {
      "name": "CVE-2022-41051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41051"
    },
    {
      "name": "CVE-2022-41113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41113"
    },
    {
      "name": "CVE-2022-41102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41102"
    },
    {
      "name": "CVE-2022-41098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41098"
    },
    {
      "name": "CVE-2022-41101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41101"
    },
    {
      "name": "CVE-2022-41092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41092"
    },
    {
      "name": "CVE-2022-41073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41073"
    },
    {
      "name": "CVE-2022-41050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41050"
    },
    {
      "name": "CVE-2022-39327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39327"
    },
    {
      "name": "CVE-2022-41047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41047"
    },
    {
      "name": "CVE-2022-38015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38015"
    },
    {
      "name": "CVE-2022-41100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41100"
    },
    {
      "name": "CVE-2022-41125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41125"
    },
    {
      "name": "CVE-2022-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37992"
    },
    {
      "name": "CVE-2022-41114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41114"
    },
    {
      "name": "CVE-2022-41088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41088"
    },
    {
      "name": "CVE-2022-41055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41055"
    },
    {
      "name": "CVE-2022-41097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41097"
    },
    {
      "name": "CVE-2022-41093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41093"
    }
  ],
  "initial_release_date": "2022-11-09T00:00:00",
  "last_revision_date": "2022-11-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41045 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41045"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41090 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41090"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-37992 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37992"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41057 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41057"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41058 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41058"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41047 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41047"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41055 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41055"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41054 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41054"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41039 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41039"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41051 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41053 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41053"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41097 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41097"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41085 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41085"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41073 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41073"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41125 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41125"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38014 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38014"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41056 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41056"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41100 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41100"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-39327 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39327"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41088 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41088"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41086 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41086"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41049 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41049"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38015 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38015"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41048 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41048"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41050 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41050"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41102 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41102"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41098 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41098"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41114 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41114"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41092 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41092"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41101 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41101"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41093 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41093"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41109 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41109"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41113 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41113"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41091 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41091"
    }
  ],
  "reference": "CERTFR-2022-AVI-1014",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation de\nprivil\u00e8ges, un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.