#Security Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** Successful exploitation of this vulnerability could allow an attacker to perform operations in the victim's hybrid cloud environment with the same privileges as the compromised managed identity.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

**According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?** Exploitation of this vulnerability does not disclose any confidential information but allows an attacker to modify or delete files containing data which could cause the service to become unavailable.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** An attacker is required to compromise the credential of a victim who has been assigned the role of “Cluster Admin” or “Cluster Operator” by an administrator prior to attempting to exploit the vulnerability.

**How could an attacker exploit this vulnerability?** In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

**How could an attacker exploit this vulnerability?** An attacker who successfully exploited this vulnerability could gain remote code execution (RCE) on the victim's machine.