Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



DLL Hijacking Flaw Fixed in Microsoft Azure Site Recovery

Microsoft’s massive Patch Tuesday rollout this month included fixes for multiple high-severity vulnerabilities impacting the Azure Site Recovery service.

Microsoft’s massive Patch Tuesday rollout this month included fixes for multiple high-severity vulnerabilities impacting the Azure Site Recovery service.

Azure Site Recovery represents a suite of tools for ensuring business continuity during outages, such as site recovery – which ensures that both applications and workloads continue to operate on a secondary location – and data backup services.

One vulnerability that Microsoft specifically highlights is a DLL hijacking bug in the Azure Site Recovery process server component, which could allow any user to escalate privileges to that of SYSTEM.

Tracked as CVE-2022–33675, the issue exists because of incorrect permissions for the service’s executable directory, which allowed any user to create new files.

According to Tenable, the company credited with the flaw discovery, the service launched from this directory runs automatically and with SYSTEM privileges and attempts to load several DLLs from this directory. “This allows for a DLL hijacking/planting attack via several libraries that are attempted to be loaded from this location when the service is launched,” the company said in an advisory.

[ READ: MS Patch Tuesday: 84 Windows Vulns, Including Exploited Zero-Day ]

All Azure Site Recovery on-premises installations are impacted, including VMWare-to-Azure scenarios. 

Advertisement. Scroll to continue reading.

“Customers must upgrade all process server installations, such as the in-built process server, scale out process server, and scale out process server on Azure (if any),” Microsoft recommends.

The updated Azure Site Recovery updates resolve 30 vulnerabilities in the configuration server component and two bugs in the process server component, all of which require for the attacker to have valid user credentials and to be logged in to a vulnerable appliance. Approximately half of these issues carry a high-severity rating.

“Microsoft is not aware of any exploitation of these vulnerabilities, which only impact replication capabilities, not customer workloads. There is also no risk of cross-tenant data exposure since this is an on-premises offering,” Redmond said..

Most of the addressed vulnerabilities are SQL Injection (SQLi) bugs, with elevation of privilege (EoP) being the second most encountered type of bugs. The patches also resolve remote code execution (RCE) flaws that require administrative privileges for Azure Site Recovery-protected virtual machines.

On Tuesday, Microsoft announced patches for 84 vulnerabilities in Windows, including an in-the-wild zero-day that allows an attacker to gain SYSTEM privileges on a vulnerable machine.

Related: SAP Patches High-Severity Flaws in Business One Product

Related: Microsoft Patch Tuesday: 84 Windows Vulns, Including Already-Exploited Zero-Day

Related: ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...