low

Microsoft Azure Site Recovery DLL hijacking

Published Tue, Jul 12th, 2022
Platforms

Summary

The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed privilege escalation from any low-privileged user to SYSTEM on hosts where this service was installed. Incorrect permissions on the cxprocessserver service's executable directory allowed any user to create new files in it. Since the service started automatically, ran with SYSTEM privileges, and attempted to load DLLs from that directory, this allowed for a DLL hijacking / planting attack.
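
The condition described above (an auto-start SYSTEM service whose executable directory accepts new files from ordinary users) can be audited on a host with the following added example, which is not code from this advisory, Tenable or Microsoft. The list of low-privileged SIDs and the service filter are assumptions chosen for illustration.

```powershell
# Added example: report auto-start SYSTEM services whose executable directory
# lets low-privileged principals create files (the precondition for DLL planting).
$lowPrivSids = @(            # assumption: well-known SIDs treated as low-privileged
    'S-1-1-0',               # Everyone
    'S-1-5-11',              # Authenticated Users
    'S-1-5-4',               # INTERACTIVE
    'S-1-5-32-545'           # BUILTIN\Users
)
$FILE_ADD_FILE = 0x2         # create a file in a directory (same bit as FILE_WRITE_DATA)
$GENERIC_WRITE = 0x40000000  # generic bits can appear unmapped in inheritable ACEs
$GENERIC_ALL   = 0x10000000
$createMask    = $FILE_ADD_FILE -bor $GENERIC_WRITE -bor $GENERIC_ALL
$INHERIT_ONLY  = 2           # PropagationFlags.InheritOnly: ACE skips the directory itself

function Get-ServiceExePath([string]$PathName) {
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

Get-CimInstance -ClassName Win32_Service |
  Where-Object { $_.StartMode -eq 'Auto' -and
                 $_.StartName -in 'LocalSystem', 'NT AUTHORITY\SYSTEM' } |
  ForEach-Object {
    $svc = $_
    $exe = Get-ServiceExePath $svc.PathName
    if (-not $exe) { return }
    $dir = Split-Path -Path $exe -Parent
    if (-not $dir -or -not (Test-Path -LiteralPath $dir -PathType Container)) { return }
    $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
    if (-not $acl) { return }

    # Explicit and inherited ACEs, with identities resolved to SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $appliesToDir = -not ([int]$ace.PropagationFlags -band $INHERIT_ONLY)
        $canCreate    = [bool]([int]$ace.FileSystemRights -band $createMask)
        if ($ace.AccessControlType -eq 'Allow' -and $appliesToDir -and $canCreate -and
            $lowPrivSids -contains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Service   = $svc.Name
                Directory = $dir
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
  }
```

Any row in the output is a service directory worth reviewing; an empty result means no matching ACE was found for the listed SIDs, not that every service directory is correctly locked down.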

Affected Services

Azure Site Recovery

Remediation

None required

Tracked CVEs

CVE-2022-33675

References

Disclosure Date
Fri, Apr 8th, 2022
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
James Sebree, Tenable