Full Report
The Microsoft Edge Developer VMs were images that Microsoft published to make testing on different versions of Edge or IE easier. One day, while looking at processes on Windows, the researcher noticed a Ruby script associated with Puppet running. Puppet is a configuration management system they had seen in the past. Confusingly, the Puppet configuration had never been set up. By initializing it yourself, you are able to take control of the instance. This does require the ability to make the hostname `puppet` resolve to a particular IP, though. Software that is not configured, or that can be reconfigured by an outsider, is a real bug class that needs to be considered. Low impact, but still interesting nonetheless.
Analysis Summary
# Vulnerability: Unconfigured Puppet Agent on Microsoft Edge Developer VMs Leading to Remote Code Execution
## CVE Details
- CVE ID: None assigned in the source text (the vulnerability is implied by the published images).
- CVSS Score: Not provided. (Severity based on impact assessment: High due to RCE, but the affected images are deprecated.)
- CWE: CWE-814: Improper Neutralization of Data with Ambiguous Interpretation (If configuration/initialization logic is flawed) or CWE-284: Improper Access Control (If agent trusts invalid peer configuration implicitly).
## Affected Systems
- Products: Microsoft Edge Developer VM (VirtualBox Windows 10 variant)
- Versions: Older images, specifically those containing the Puppet Agent version 3.8.7 or earlier configurations, notably available up to March 2023 via external archival sources. The Windows 11 VirtualBox VM is reported as **not affected**.
- Configurations: VMs that utilize Microsoft's default, unconfigured installation of the Puppet agent (v3.8.7).
## Vulnerability Description
The Microsoft Edge Developer Virtual Machines (VMs) shipped with the Puppet agent installed but, critically, unconfigured. In its default state, the Puppet agent attempts to locate a Puppet server by resolving the hostname `puppet` (plus whatever DNS suffixes the resolver appends). If an attacker controls a host that this name resolves to and listens on 8140/TCP, the agent connects on its own, submits a Certificate Signing Request (CSR), and trusts the response, so the attacker can have it run commands. Because the only trigger is a DNS lookup the agent performs automatically, this yields remote code execution (RCE) on the VM with SYSTEM privileges as soon as the connection succeeds, with no user interaction.
## Exploitation
- Status: Proof of Concept (PoC) demonstrated successfully against a fresh VM instance.
- Complexity: Low (Requires hosting a specially configured Puppet server and redirecting DNS resolution for the `puppet` hostname to point to the attacker's server).
- Attack Vector: Network (The agent initiates the connection outward to the attacker-controlled server).
## Impact
- Confidentiality: High (SYSTEM-level code execution allows access to all data on the VM).
- Integrity: High (SYSTEM-level code execution allows modification or destruction of system files/settings).
- Availability: High (Can result in system compromise or denial of service).
## Remediation
### Patches
- **Official Microsoft Patch:** Not explicitly documented as Microsoft has discontinued support and distribution of these specific developer VMs. The recommendation is to destroy and cease use of these images.
### Workarounds
1. **Immediate Removal:** Delete and cease using imported Microsoft Edge Developer VMs, especially the older Windows 10 VirtualBox images.
2. **Network Isolation:** Restrict outbound network traffic from these VMs to prevent them from resolving/connecting to malicious infrastructure on port 8140/TCP.
3. **Agent Removal:** Manually uninstall the Puppet agent service and files from any running instances.
## Detection
- **Indicators of Compromise (IoCs):**
- Outbound connections originating from the VM (especially at boot or every 30 minutes) to TCP port 8140 (the destination IP is the attacker's server).
- `ruby.exe` running as SYSTEM from the Puppet Labs install path.
- Presence of unexpected files (`ncat.exe` mentioned in the PoC) or persistent shells indicating successful execution of a Puppet manifest.
- **Detection Methods and Tools:** Monitor outbound TCP traffic from the VM, specifically to 8140/TCP, and correlate it with DNS resolution of the hostname `puppet`. Endpoint Detection and Response (EDR) systems should flag the execution chain that starts from the Puppet service daemon.
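The indicators above can be combined into one small correlation rule. The following is an added example, not code from the original write-up, from Puppet or from Microsoft. It runs over constructed Sysmon-style records (Event ID 22 DNS queries and Event ID 3 network connections, embedded inline as sample data) and assumes, as the IoCs describe, that the agent is `ruby.exe` running as SYSTEM from the default `C:\Program Files\Puppet Labs` path. A DNS lookup for `puppet` (or `puppet.<suffix>`) followed within five minutes by an outbound 8140/TCP connection from the same process is rated high; either half alone is rated lower so an analyst still sees it.

```python
"""Correlate `puppet` DNS lookups with outbound 8140/TCP connections.

Added example: the events below are constructed, not real telemetry.
Field names follow Sysmon's Event ID 22 (DNS query) and Event ID 3
(network connection) schemas.
"""
import json
from datetime import datetime, timedelta

PUPPET_PORT = 8140
PUPPET_PATH_MARKER = "puppet labs"          # default install dir of the 3.x agent
SYSTEM_USER = "nt authority\\system"
CORRELATION_WINDOW = timedelta(minutes=5)   # assumption: lookup and connect are seconds apart

# Constructed sample events (oldest first). Process A is the unconfigured agent
# calling home; B is ordinary browsing; C is an interactive lookup by a user.
SAMPLE_EVENTS = [
    {"EventID": 22, "UtcTime": "2025-02-17 08:00:01.000", "ProcessGuid": "{A}",
     "Image": r"C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin\ruby.exe",
     "User": "NT AUTHORITY\\SYSTEM", "QueryName": "puppet.corp.example"},
    {"EventID": 3, "UtcTime": "2025-02-17 08:00:02.000", "ProcessGuid": "{A}",
     "Image": r"C:\Program Files\Puppet Labs\Puppet\sys\ruby\bin\ruby.exe",
     "User": "NT AUTHORITY\\SYSTEM", "Protocol": "tcp", "Initiated": "true",
     "DestinationIp": "192.0.2.10", "DestinationPort": "8140"},
    {"EventID": 3, "UtcTime": "2025-02-17 08:00:05.000", "ProcessGuid": "{B}",
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "User": "IEUser", "Protocol": "tcp", "Initiated": "true",
     "DestinationIp": "203.0.113.5", "DestinationPort": "443"},
    {"EventID": 22, "UtcTime": "2025-02-17 08:30:00.000", "ProcessGuid": "{C}",
     "Image": r"C:\Windows\System32\nslookup.exe", "User": "IEUser",
     "QueryName": "puppet"},
]


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S.%f")


def is_puppet_agent(event):
    """SYSTEM-run process living under the Puppet Labs install path."""
    return (PUPPET_PATH_MARKER in event.get("Image", "").lower()
            and event.get("User", "").lower() == SYSTEM_USER)


def is_puppet_lookup(event):
    """DNS query for the bare default server name or a suffixed variant."""
    name = event.get("QueryName", "").lower()
    return event.get("EventID") == 22 and (name == "puppet" or name.startswith("puppet."))


def is_puppet_connect(event):
    """Outbound TCP connection to the Puppet server port."""
    return (event.get("EventID") == 3
            and event.get("Initiated", "").lower() == "true"
            and int(event.get("DestinationPort", 0)) == PUPPET_PORT)


def detect(events):
    """Return a list of alerts, one per suspicious event, in time order."""
    alerts = []
    last_lookup = {}  # ProcessGuid -> time of most recent `puppet` lookup
    for event in sorted(events, key=lambda e: parse_time(e["UtcTime"])):
        when = parse_time(event["UtcTime"])
        guid = event.get("ProcessGuid")
        if is_puppet_lookup(event):
            last_lookup[guid] = when
            alerts.append({
                "rule": "puppet-hostname-lookup",
                "severity": "medium" if is_puppet_agent(event) else "low",
                "time": event["UtcTime"], "process_guid": guid,
                "image": event["Image"], "user": event["User"],
                "query": event["QueryName"],
            })
        elif is_puppet_connect(event):
            agent = is_puppet_agent(event)
            seen = last_lookup.get(guid)
            correlated = seen is not None and when - seen <= CORRELATION_WINDOW
            severity = "high" if agent and correlated else "medium" if agent else "low"
            alerts.append({
                "rule": "puppet-server-connect",
                "severity": severity,
                "time": event["UtcTime"], "process_guid": guid,
                "image": event["Image"], "user": event["User"],
                "destination": f"{event['DestinationIp']}:{event['DestinationPort']}",
                "correlated_with_lookup": correlated,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

On the sample data the rule yields three alerts: a medium lookup and a high, correlated 8140 connection from the agent process, and a low-severity alert for the user's manual `nslookup puppet`; the Firefox connection to 443 produces nothing. Feeding real Sysmon exports in means converting the XML or EVTX records to dicts with these field names first.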
## References
- Vendor Advisories: None available from Microsoft regarding this specific unconfigured state in the published VMs.
- Relevant Links:
- Discovery Post: hxxps://infosec.rm-it.de/2025/02/17/microsoft-edge-developer-vm-remote-code-execution/
- Affected VM Archive Link: hxxps://archive.org/download/modern.ie-vm
- Flare-VM Commit showing usage: hxxps://github.com/mandiant/flare-vm/commit/b39f68beae8e8f1617682c528dfa82e0892d1d14