A critical authentication vulnerability in Azure Local Disconnected allows unauthorized attackers to elevate privileges, potentially resulting in full system compromise.

This is an authentication bypass vulnerability where an unauthenticated, network-adjacent attacker can manipulate session handling to gain elevated administrative privileges within the local environment.

Successful exploitation grants an attacker administrative control over the affected Azure Local instance. Given the CVSS score of 10.0, this represents an extreme risk, enabling data exfiltration, service disruption, and lateral movement into the wider network infrastructure.

Immediate Action: Apply the latest security updates provided by Microsoft for Azure Local immediately.

Proactive Monitoring: Review administrative access logs for anomalous login patterns or unauthorized privilege escalation events.

Compensating Controls: Ensure the management interface is isolated within a secure management VLAN and restricted via strict firewall rules.

Public Exploit Available: No