Summary
The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed for
privilege escalation from any low privileged user to SYSTEM on hosts where this service was installed.
Incorrect permissions on the cxprocessserver service's executable directory allowed new files to be
created in it by any user. Since the service ran automatically and with SYSTEM privileges and attempted
to load DLLs from the directory, this allowed for a DLL hijacking / planting attack.
Affected Services
Azure Site Recovery
Remediation
None required
Tracked CVEs
CVE-2022-33675
References
https://medium.com/tenable-techblog/microsoft-azure-site-recovery-dll-hijacking-cd8cc34ef80chttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33675https://www.tenable.com/security/research/tra-2022-26https://msrc-blog.microsoft.com/2022/07/12/microsoft-mitigates-azure-site-recovery-vulnerabilities/
Contributed by https://github.com/mer-b
Disclosure Date
Fri, Apr 8th, 2022
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
James Sebree, Tenable
