Microsoft Security Response Center

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could view unbound refresh tokens issued by one cloud on a different cloud.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**What type of privileges could an attacker gain through this vulnerability?** An attacker could use this vulnerability to elevate privileges from Low Integrity Level in a contained ("sandboxed") excution environment to escalate to a Medium Integrity Level or a High Integrity Level. Please refer to https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation and https://learn.microsoft.com/en-us/windows/win32/secauthz/mandatory-integrity-control

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

**How could an attacker exploit this vulnerability?** This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an executable file that is attached to an email.

**Where can I find more information about StorSimple 8000 Series?** StorSimple 8000 series is a hybrid cloud storage solution. Please see StorSimple 8000 series for more information.

**How could an attacker exploit this vulnerability?** An attacker who knows the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster can exploit this vulnerability from the internet. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, allows an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc; therefore Azure Stack Edge devices are also vulnerable.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?** An attacker needs to have CreateComposeDeployment permission to exploit this vulnerability. Please refer to the **Security/ClientAccess** section of Customize Service Fabric cluster settings for more information on the permission.