SentinelOne’s SentinelLabs discovered multiple security vulnerabilities in Microsoft’s Azure Defender for IoT last year, some of which were rated “critical” in severity and impact. Microsoft has released patches for all the vulnerabilities, but SentinelLabs urges Azure Defender for IoT users to apply them now.
The flaws, discovered by security researchers at SentinelLabs, could allow attackers to remotely control devices protected by Microsoft’s Azure Defender for IoT. Attacks based on these vulnerabilities exploit certain weaknesses in Azure’s password recovery mechanism.
SentinelLabs says it proactively reported the security flaws to Microsoft in June 2021. The vulnerabilities are tracked as CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42313 and CVE-2021-42311 and are marked as critical; some have a CVSS score of 10.0, the highest possible. The security researchers say they have yet to find evidence of abuse by hackers. In other words, even though the security flaws in Microsoft’s Azure Defender for IoT are more than 8 months old, no attacks based on these vulnerabilities have been documented.
Microsoft Defender for IoT is an agentless, network-layer security solution for continuous IoT (Internet of Things) and OT (Operational Technology) asset discovery, vulnerability management and threat detection. Microsoft guarantees that this layer of protection does not require changes to existing environments. The platform is flexible in that users can deploy the same security platform either on-premises or in an Azure-connected environment.
Microsoft acquired CyberX back in 2020, and Azure Defender for IoT is primarily a CyberX-based product. It appears that at least one attack vector was found in an installation script and a tar archive containing encrypted system files. Both files exist in the “CyberX” user’s home directory, and the script decrypts the archive file.