Microsoft Azure Arc Privilege Escalation Vulnerability via Command Injection

Vulnerability

A command injection vulnerability in Azure Arc allows an authorized attacker to elevate privileges locally. The issue arises from improper handling of special elements in commands, which lets an attacker manipulate command execution. The vulnerability affects Azure Arc installations deployed via Group Policy, specifically those with the GPO '[MSFT] Azure Arc Servers Onboarding' applied.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing attackers to gain SYSTEM privileges.

Remediation

To address this vulnerability, unassign and delete the existing Group Policy Object from the Group Policy Management Console. Then, download the updated scripts from the 'Fixed agent proxy parameter' release version 1.0.10 in the Azure Arc Enabled Servers Group Policy GitHub repository. Afterward, run the DeployGPO script with the same parameters as before and assign the new Group Policy Object to the appropriate groups, domains, or units.
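
The first remediation step as an added PowerShell example (not part of the original advisory or of Microsoft's scripts): it records where the affected GPO is linked, so the replacement GPO can be assigned to the same containers, and then previews the deletion. The GPO name is the one given above; the output file path is an assumption.

```powershell
# Added example: inventory the affected GPO's links before removing it.
# Requires the GroupPolicy module (installed with the Group Policy Management Console).
Import-Module GroupPolicy

$GpoName = '[MSFT] Azure Arc Servers Onboarding'  # GPO name given in the advisory
$OutFile = '.\arc-gpo-links.csv'                   # assumption: output path for the record

function Get-GpoLinkInventory {
    param([Parameter(Mandatory)][string]$Name)

    # Match on DisplayName so the brackets in the name are compared literally.
    $gpos = @(Get-GPO -All | Where-Object { $_.DisplayName -eq $Name })

    foreach ($gpo in $gpos) {
        # The XML report lists each site, domain or OU the GPO is linked to.
        [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
        $linked = $false
        foreach ($link in $report.GPO.LinksTo) {
            $linked = $true
            [pscustomobject]@{
                GpoId       = $gpo.Id
                Modified    = $gpo.ModificationTime
                LinkPath    = $link.SOMPath
                LinkEnabled = $link.Enabled
                Enforced    = $link.NoOverride   # NoOverride = true means the link is enforced
            }
        }
        if (-not $linked) {
            # The GPO exists but is not assigned anywhere; still report it.
            [pscustomobject]@{
                GpoId = $gpo.Id; Modified = $gpo.ModificationTime
                LinkPath = '(not linked)'; LinkEnabled = $null; Enforced = $null
            }
        }
    }
}

$inventory = @(Get-GpoLinkInventory -Name $GpoName)
if ($inventory.Count -eq 0) {
    Write-Output "No GPO named '$GpoName' found in this domain."
} else {
    $inventory | Format-Table -AutoSize
    $inventory | Export-Csv -Path $OutFile -NoTypeInformation

    # Preview the deletion. Without -KeepLinks, Remove-GPO also removes the GPO's
    # links in this domain. Drop -WhatIf once the CSV has been reviewed.
    $inventory.GpoId | Sort-Object -Unique | ForEach-Object { Remove-GPO -Guid $_ -WhatIf }
}
```

The saved link paths are the containers to which the GPO created by the updated DeployGPO script should be assigned.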

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.