Microsoft Azure Site Recovery DLL hijacking
Published Tue, Jul 12th, 2022
Platforms
Summary
The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed for privilege escalation from any low privileged user to SYSTEM on hosts where this service was installed. Incorrect permissions on the cxprocessserver service's executable directory allowed new files to be created in it by any user. Since the service ran automatically and with SYSTEM privileges and attempted to load DLLs from the directory, this allowed for a DLL hijacking / planting attack.
Affected Services
Azure Site Recovery
Remediation
None required
Tracked CVEs
CVE-2022-33675
References
Contributed by https://github.com/mer-b
Entry Status
Finalized
Disclosure Date
Fri, Apr 8th, 2022
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
None
Piercing Index Rating
-
Discovered by
James Sebree, Tenable
