2 matches found
Security Updates for Azure Connected Machine Agent < 1.60 (January 2026)
The Microsoft Azure Connected Machine Agent installation on the remote host is missing security updates. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-21224. - Successful exploitation of this vulnerability could allow a local attacker to gain SYSTEM privileges on...
CVE-2026-21224
CVE-2026-21224 is a stack-based buffer overflow in the Microsoft Azure Connected Machine Agent that permits an authorized local attacker to elevate privileges on the host. The vulnerability is tied to the Azure Connected Machine Agent, with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL, LOW-Comp...