Exploiting Azure Defender for IoT flaws may cause significant compromise

Microsoft Azure Defender for IoT is being impacted by five critical security flaws, which could compromise networks when successfully exploited, reports VentureBeat. SentinelLabs researchers noted that the vulnerabilities, tracked as CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42311, and CVE-2021-42313, impact cloud and on-premises versions of Azure Defender for IoT. "[A] successful attack may lead to full network compromise, since Azure Defender for IoT is configured to have a TAP (Terminal Access Point) on the network traffic. Access to sensitive information on the network could open a number of sophisticated attacking scenarios that could be difficult or impossible to detect," said researchers. Threat actors could also exploit the flaws to obtain access without the need for authentication. Microsoft has already issued patches to fix the bugs, which SentinelLabs researchers noted have not yet been actively exploited in the wild. "We addressed the specific issues mentioned and we appreciate the finder working with us to ensure customers remain safe," said Microsoft.