<< Back
CVE Number Vulnerability Product Severity Date
CVE-2024-21329 Azure Connected Machine Agent Elevation of Privilege Vulnerability Microsoft Azure Important 19-02-2024

Technical Information

Azure Connected Machine Agent allows you to manage machines hosted outside Azure. A non-admin local user who has sufficient permissions to create symbolic links on a Windows computer that has Azure Connected Machine Agent installed (or before the agent is installed) could create links from a directory used by the agent to other privileged files on the computer. If the administrator later installs virtual machine extensions on the machine, those files could be deleted. An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file delete as SYSTEM.

Patch release date: Feb 13, 2024
Further information on this vulnerability is available at CVE-2024-21329

Affected Software

Azure Connected Machine Agent