{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Microsoft Windows Admin Center ist ein webbasiertes Tool zur Verwaltung von Windows Servern, Clustern und PCs.\r\nAzure ist eine Cloud Computing-Plattform von Microsoft.\r\nMicrosoft Azure Linux ist eine von Microsoft entwickelte Linux-Distribution, die für die Ausführung von Workloads in der Azure-Cloud optimiert ist.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows Admin Center, Microsoft Azure und Microsoft Azure Linux ausnutzen, um seine Privilegien zu erhöhen, um Informationen offenzulegen, und um falsche Informationen darzustellen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Linux\n- Sonstiges\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2026-0655 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0655.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2026-0655 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0655"
    }, {
      "category" : "external",
      "summary" : "Microsoft Leitfaden für Sicherheitsupdates",
      "url" : "https://msrc.microsoft.com/update-guide/"
    } ],
    "source_lang" : "en-US",
    "title" : "Microsoft Azure Komponenten: Mehrere Schwachstellen",
    "tracking" : {
      "current_release_date" : "2026-03-10T23:00:00.000+00:00",
      "generator" : {
        "date" : "2026-03-11T08:32:00.577+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.5.0"
        }
      },
      "id" : "WID-SEC-W-2026-0655",
      "initial_release_date" : "2026-03-10T23:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2026-03-10T23:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      } ],
      "status" : "final",
      "version" : "1"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version",
          "name" : "Arc Enabled Servers-Connected Machine Agent",
          "product" : {
            "name" : "Microsoft Azure Arc Enabled Servers-Connected Machine Agent",
            "product_id" : "T051517",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:microsoft:azure:arc_enabled_servers_-_connected_machine_agent"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "IoT Explorer",
          "product" : {
            "name" : "Microsoft Azure IoT Explorer",
            "product_id" : "T051518",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:microsoft:azure:iot_explorer"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "MCP Server Tools",
          "product" : {
            "name" : "Microsoft Azure MCP Server Tools",
            "product_id" : "T051519",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:microsoft:azure:mcp_server_tools"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "AD SSH Login extension for Linux",
          "product" : {
            "name" : "Microsoft Azure AD SSH Login extension for Linux",
            "product_id" : "T051522",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:microsoft:azure:ad_ssh_login_extension_for_linux"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Azure"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "Virtual Machines with Azure Diagnostics extension",
          "product" : {
            "name" : "Microsoft Azure Linux Virtual Machines with Azure Diagnostics extension",
            "product_id" : "T051520",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:microsoft:azure_linux:virtual_machines_with_azure_diagnostics_extension"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Azure Linux"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "Azure Automation Hybrid Worker Extension",
          "product" : {
            "name" : "Microsoft Windows Azure Automation Hybrid Worker Extension",
            "product_id" : "T051521",
            "product_identification_helper" : {
              "cpe" : "cpe:/o:microsoft:windows:azure_automation_hybrid_worker_extension"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Windows"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "in Azure Portal",
          "product" : {
            "name" : "Microsoft Windows Admin Center in Azure Portal",
            "product_id" : "T051523",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:microsoft:windows_admin_center:in_azure_portal"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Windows Admin Center"
      } ],
      "category" : "vendor",
      "name" : "Microsoft"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2026-23651",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-23651"
  }, {
    "cve" : "CVE-2026-23660",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-23660"
  }, {
    "cve" : "CVE-2026-23661",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-23661"
  }, {
    "cve" : "CVE-2026-23662",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-23662"
  }, {
    "cve" : "CVE-2026-23664",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-23664"
  }, {
    "cve" : "CVE-2026-23665",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-23665"
  }, {
    "cve" : "CVE-2026-26117",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-26117"
  }, {
    "cve" : "CVE-2026-26118",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-26118"
  }, {
    "cve" : "CVE-2026-26121",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-26121"
  }, {
    "cve" : "CVE-2026-26122",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-26122"
  }, {
    "cve" : "CVE-2026-26124",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-26124"
  }, {
    "cve" : "CVE-2026-26141",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-26141"
  }, {
    "cve" : "CVE-2026-26148",
    "product_status" : {
      "known_affected" : [ "T051518", "T051519", "T051517", "T051523", "T051521", "T051522", "T051520" ]
    },
    "release_date" : "2026-03-10T23:00:00.000+00:00",
    "title" : "CVE-2026-26148"
  } ]
}