Details tied to a pair of remote code execution bugs in Microsoft s IoT security platform called Azure Sphere were released Monday. The bugs piggyback on six vulnerabilities found in July also impacting the same cloud security platform. Microsoft declined to issue any CVEs, according to a research brief published Monday. Cisco Talos researchers also disclosed two privilege escalation vulnerabilities, both rated high-severity and impacting Microsoft Azure Sphere 20.06. Both bugs are also patched. Microsoft’s Azure Sphere is designed to secure microcontroller units typically found within IoT networks.
Source: https://threatpost.com/four-more-bugs-patched-in-microsofts-azure-sphere-iot-platform/158643/