Microsoft fixes code execution, privilege escalation in Microsoft Azure Sphere

Microsoft addressed vulnerabilities in Microsoft Azure Sphere that could lead to the execution of arbitrary code or to the elevation of privileges.

Microsoft has recently addressed some vulnerabilities impacting Microsoft Azure Sphere that could be exploited by attackers to execute arbitrary code or to elevate privileges.

Azure Sphere OS adds layers of protection and ongoing security updates to create a trustworthy platform for new IoT experiences.

The cloud-based system on a chip (SoC) leverages a hardware platform composed of several ARM cores, Azure Sphere OS (custom, Linux-based OS), and the Azure Sphere Security Service.

Researchers from Cisco Talos reported four vulnerabilities in Azure Sphere, two of which could lead to the execution of unsigned code, and two leading to privilege escalation.

The two code execution vulnerabilities exist in the normal world’s signed code execution functionality of Azure Sphere 20.07.

“A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted shellcode can cause a process’ heap to become executable after having been writable. An attacker can execute a shellcode that sets the READ_IMPLIES_EXEC personality to trigger this vulnerability.” reads the advisory published by Talos. 

The first of two issues reside in the Normal World application READ_IMPLIES_EXEC personality that can be exploited through specially crafted shellcode that would cause a process’ heap to become executable. The vulnerability affects version 20.07 of Azure Sphere.

The second issue of them was found in /proc/thread-self/mem and can be exploited via specially crafted shellcode designed to cause a process’ non-writable memory to be written to. An attacker could supply shellcode specifically designed to modify the program and trigger the vulnerability.

The third issue is a privilege escalation flaw that resides in the Capability access control functionality of Microsoft Azure Sphere 20.06. An attacker can write a shellcode that includes a set of specially crafted ptrace syscalls to trigger the issue and elevate privileges.

The second elevation of privilege issue resides in the uid_map functionality of Azure Sphere 20.06 and can be exploited using a specially crafted uid_map file.

“A privilege escalation vulnerability exists in the uid_map functionality of Microsoft Azure Sphere 20.06. A specially crafted uid_map file can cause multiple applications to get the same UID assigned, thus broadening the attack surface. An attacker can modify the uid_map file to trigger this vulnerability.” states the advisory.

These vulnerabilities were discovered in version 20.06.

Microsoft has published a blog post detailing Azure Sphere 20.08 Security Updates, which includes the fixes for the above issues.which patches the vulnerabilities.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Azure Sphere)

[adrotate banner=”5″]

[adrotate banner=”13″]