Last year, SentinelOne’s SentinelLabs research team found a number of security weaknesses in Microsoft Azure Defender for IoT. Based on severity and impact, several of these flaws were classified as “Critical.” Microsoft has released updates for all of them, but according to the company, users of Azure Defender for IoT must act quickly to apply them.
The SentinelLabs researchers uncovered flaws that could allow attackers to remotely compromise devices protected by Microsoft Azure Defender for IoT. The exploits rely on weaknesses in the product’s password recovery process.
SentinelLabs says it notified Microsoft of the security flaws in June 2021. The vulnerabilities are tracked as CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42313, and CVE-2021-42311; all are rated Critical, and some carry the maximum CVSS score of 10.0. The researchers say they have found no evidence of abuse in the wild so far. In other words, although the security issues in Microsoft Azure Defender for IoT have been known for over eight months, no attacks exploiting these bugs have been reported.
Microsoft Defender for IoT is an agentless network-layer security solution for continuous asset discovery, vulnerability management, and threat detection in IoT (Internet of Things) and OT (Operational Technology) environments. The protection layer, according to Microsoft, does not require any changes to existing environments. It is a versatile security platform, allowing users to deploy it on-premises or in Azure-connected environments.
Azure Defender for IoT is based on CyberX, a product Microsoft acquired in 2020. According to the researchers, at least one of the attack vectors involves an installation script and a tar archive containing the system’s encrypted files. Both files reside in the “CyberX” user’s home directory, and the script decrypts the archive.
SentinelLabs found that the vulnerabilities affect both cloud and on-premises customers. Despite the lack of evidence of “in the wild” exploitation, a successful attack can compromise the entire network, because Azure Defender for IoT sits on a TAP (Terminal Access Point) that mirrors the network’s traffic. It goes without saying that once attackers have full access to that vantage point, they can carry out further attacks or steal sensitive data.