Any principal granted the Avere Contributor role, scoped to the affected VM, can reset the built-in administrator password on the VM.
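To see which principals this applies to in a tenant, the added example below (not BloodHound's or PowerZure's own code) resolves Avere Contributor assignments, including ones inherited from a resource group or subscription, to the VMs they cover. The sample records are constructed and assume the field names emitted by `az role assignment list --all -o json` and `az vm list --query "[].id"`.

```python
"""Map Avere Contributor assignments to the VMs they cover (added example)."""

ROLE = "Avere Contributor"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed ID

# Constructed records using the field names of `az role assignment list --all -o json`.
ASSIGNMENTS = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": ROLE,
     "scope": SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/web01"},
    {"principalName": "ops-automation", "principalType": "ServicePrincipal",
     "roleDefinitionName": ROLE, "scope": SUB + "/resourceGroups/RG-App"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": ROLE, "scope": SUB + "/resourceGroups/rg-app2"},
]
# Constructed VM resource IDs, as `az vm list --query "[].id"` would return them.
VM_IDS = [
    SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/web01",
    SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/db01",
    SUB + "/resourceGroups/rg-app2/providers/Microsoft.Compute/virtualMachines/jump01",
]


def scope_covers(scope, resource_id):
    """True if a role assignment at `scope` is inherited by `resource_id`."""
    scope, rid = scope.rstrip("/").lower(), resource_id.lower()
    # Azure resource IDs are case-insensitive; require a path-segment boundary
    # so that ".../rg-app" does not match ".../rg-app2".
    return scope == "" or rid == scope or rid.startswith(scope + "/")


def avere_exposure(assignments, vm_ids):
    """Return {vm_id: sorted principal names holding the role over that VM}."""
    exposure = {}
    for vm in vm_ids:
        holders = {a["principalName"] for a in assignments
                   if a["roleDefinitionName"] == ROLE
                   and scope_covers(a["scope"], vm)}
        if holders:
            exposure[vm] = sorted(holders)
    return exposure


if __name__ == "__main__":
    for vm, holders in avere_exposure(ASSIGNMENTS, VM_IDS).items():
        print(vm.rsplit("/", 1)[-1], "<-", ", ".join(holders))
```

Assignments made at management-group scope use a different ID prefix and are not matched by this prefix check; review those separately.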
Abuse Info
The Avere Contributor role allows you to run commands as SYSTEM on the VM.
Via PowerZure:
Opsec Considerations
Because you’ll be running a command as the SYSTEM user on the Virtual Machine, the same opsec considerations for running malicious commands on any system should be taken into account: command line logging, PowerShell script block logging, EDR, etc.
References
- https://attack.mitre.org/tactics/TA0008/
- https://attack.mitre.org/techniques/T1021/
- https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#avere-contributor