Security vulnerability: Azure Stack HCI vulnerable to attack
Microsoft has released an important security patch for Azure Stack HCI. No attacks have been observed to date.
(Image: Artur Szczybylo/Shutterstock.com)
If admins host virtual machines with Azure Stack HCI, they should install the latest version to prevent attacks.
Close the security gap
In a warning message, Microsoft writes that the vulnerability (CVE-2024-49060) is classified with a threat level of"high". According to the authors, no attacks are known to date, but they could be imminent. A security update, which is implemented from Azure Stack HCI 2411, provides a remedy.
If attacks are successful, attackers can acquire higher rights. How this could work in detail is not yet known. Microsoft states that attackers must already be authenticated for an attack to be able to access a vulnerable Azure Stack HCI cluster. This could be achieved via SSH, for example.
(des)
