Microsoft : Security Vulnerabilities, CVEs, (Bypass) CVSS score >= 7

Azure CycleCloud Elevation of Privilege Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Azure Data Studio Elevation of Privilege Vulnerability

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.

Windows Installer Elevation of Privilege Vulnerability

Windows Kerberos Security Feature Bypass Vulnerability

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

Microsoft Authenticator Elevation of Privilege Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

Windows Group Policy Elevation of Privilege Vulnerability

Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability

Open Management Infrastructure Elevation of Privilege Vulnerability

Open Management Infrastructure Remote Code Execution Vulnerability

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools and proprietary code and symbols. Via authorized API calls, this also enables tampering with existing data and unauthorized code execution on Azure compute resources. This issue is resolved starting in release 2.31.0, via the addition of application-level check of the bearer token's `issuer` against an administrator-configured allowlist. As a workaround users can restrict access to the tenant of a deployed OneFuzz instance < 2.31.0 by redeploying in the default configuration, which omits the `--multi_tenant_domain` option.

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft Exchange Server Information Disclosure Vulnerability

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.