Security Experts:

Connect with us

Hi, what are you looking for?



DLL Hijacking Flaw Fixed in Microsoft Azure Site Recovery

Microsoft’s massive Patch Tuesday rollout this month included fixes for multiple high-severity vulnerabilities impacting the Azure Site Recovery service.

Microsoft’s massive Patch Tuesday rollout this month included fixes for multiple high-severity vulnerabilities impacting the Azure Site Recovery service.

Azure Site Recovery represents a suite of tools for ensuring business continuity during outages, such as site recovery – which ensures that both applications and workloads continue to operate on a secondary location – and data backup services.

One vulnerability that Microsoft specifically highlights is a DLL hijacking bug in the Azure Site Recovery process server component, which could allow any user to escalate privileges to that of SYSTEM.

Tracked as CVE-2022–33675, the issue exists because of incorrect permissions for the service’s executable directory, which allowed any user to create new files.

According to Tenable, the company credited with the flaw discovery, the service launched from this directory runs automatically and with SYSTEM privileges and attempts to load several DLLs from this directory. “This allows for a DLL hijacking/planting attack via several libraries that are attempted to be loaded from this location when the service is launched,” the company said in an advisory.

[ READ: MS Patch Tuesday: 84 Windows Vulns, Including Exploited Zero-Day ]

All Azure Site Recovery on-premises installations are impacted, including VMWare-to-Azure scenarios. 

“Customers must upgrade all process server installations, such as the in-built process server, scale out process server, and scale out process server on Azure (if any),” Microsoft recommends.

The updated Azure Site Recovery updates resolve 30 vulnerabilities in the configuration server component and two bugs in the process server component, all of which require for the attacker to have valid user credentials and to be logged in to a vulnerable appliance. Approximately half of these issues carry a high-severity rating.

“Microsoft is not aware of any exploitation of these vulnerabilities, which only impact replication capabilities, not customer workloads. There is also no risk of cross-tenant data exposure since this is an on-premises offering,” Redmond said..

Most of the addressed vulnerabilities are SQL Injection (SQLi) bugs, with elevation of privilege (EoP) being the second most encountered type of bugs. The patches also resolve remote code execution (RCE) flaws that require administrative privileges for Azure Site Recovery-protected virtual machines.

On Tuesday, Microsoft announced patches for 84 vulnerabilities in Windows, including an in-the-wild zero-day that allows an attacker to gain SYSTEM privileges on a vulnerable machine.

Related: SAP Patches High-Severity Flaws in Business One Product

Related: Microsoft Patch Tuesday: 84 Windows Vulns, Including Already-Exploited Zero-Day

Related: ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.