Tag
#Azure Monitor Agent
**According to the CVSS metric, the attack vector is local (AV:L) and the privilege required is none (PR:L). What privileges could an attacker gain with successful exploitation?** A local user could take advantage of this vulnerability and perform elevation of privilege (EOP). By successfully exploiting this vulnerability, the attacker could elevate their privileges to obtain root level access on the virtual machine.
Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
**What actions do customers need to take to protect themselves from this vulnerability?** Customers who have disabled Automatic Extension Upgrades or would like to upgrade an extension immediately must manually update their Azure Monitor Agent to the latest version. For more information on how to perform a manual update, see Manage Azure Monitor Agent.