Microsoft : Security Vulnerabilities, CVEs, (Bypass)

Azure CycleCloud Elevation of Privilege Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

Proxy Driver Spoofing Vulnerability

Azure Data Studio Elevation of Privilege Vulnerability

Microsoft Intune Linux Agent Elevation of Privilege Vulnerability

Azure Migrate Remote Code Execution Vulnerability

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.

Windows Installer Elevation of Privilege Vulnerability

Windows Kerberos Security Feature Bypass Vulnerability

Azure Compute Gallery Elevation of Privilege Vulnerability

Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability

Microsoft Authenticator Elevation of Privilege Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

Skype for Business Information Disclosure Vulnerability

Windows Group Policy Elevation of Privilege Vulnerability

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.

Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability