Vladimir Abramzon

**Name of the Vulnerable Software and Affected Versions** Azure Entra ID (affected versions not specified) **Description** An elevation of privilege issue exists in Azure Entra ID. This allows unauthorized access and potential compromise of accounts. Details regarding the technical aspects of exploitation, such as specific API endpoints or vulnerable parameters, are not available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Identity Libraries and Microsoft Authentication Library (affected versions not specified) **Description** The vulnerability in Azure Identity Libraries and Microsoft Authentication Library is related to synchronization errors when using a shared resource, specifically in the DefaultAzureCredential and ManagedIdentityCredential components. This issue can allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Azure Arc-enabled Kubernetes Extension Cluster (affected versions not specified) Description: The issue is related to insufficient access controls in Azure Arc-enabled Kubernetes extensions, which can be exploited by a remote attacker to elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) TDX module software versions prior to 1.5.05.46.698 **Description** The issue is related to improper input validation in the Intel(R) TDX module software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could lead to a potential system compromise. **Recommendations** For versions prior to 1.5.05.46.698, upgrade the affected component to mitigate the risk. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Intel TDX versions prior to 1.5.05.46.698 **Description** The issue is related to improper input validation in some Intel TDX module software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could permit an attacker to increase their privileges. **Recommendations** For versions prior to 1.5.05.46.698, update to version 1.5.05.46.698 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Azure Arc-Enabled Servers (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Guest Configuration and Azure Arc-enabled servers (affected versions not specified) **Description** The issue is related to insufficient access controls in the Azure Guest Configuration component, which is part of the Azure Policy service and the Azure Arc platform. This can allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.