[BreachExchange] Customers of Microsoft Azure Cloud Warned of Potential Security Flaws

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Sep 9 08:24:58 EDT 2021


https://www.itnewsafrica.com/2021/09/customers-of-microsoft-azure-cloud-warned-of-potential-security-flaws/

Microsoft has issued a warning to some of its Azure Cloud customers that a
flaw discovered by a security research team could have allowed threat
actors to access their data.

According to Reuters, the tech mega-conglomerate said in a blog post,
written by its security response team, that the flaw reported by
researchers from Palo Alto Networks has been fixed, and that there had been
no evidence that cybercriminals were able to access any Azure cloud data.

The blog post continues to say that Microsoft has notified some of its
customers to change their login credentials as a precaution.

Researchers from the Palo Alto team discovered an exploit around a
widely-used system in Azure called ‘containers’, which store programs for
users. According to Palo Alto researcher Ariel Zelivansky, Azure’s
containers used code that had not been updated to patch a known
vulnerability.

As a result of the unpatched flaw, Zelivansky and his team were able to
eventually gain full control of a cluster that included containers from
other users. The effort had taken the team several months.

Luckily for Microsoft, it was security researchers that discovered the flaw
and not threat actors. Zelivansky even agreed that the method had probably
not been already discovered by malicious hackers.

If exploited by a group of cybercriminals with enough skill, or by
well-funded entities like national governments, Microsoft would have had a
catastrophic data breach on their hands. Microsoft Azure is used by a vast
number of enterprises, including huge international corporations like eBay,
BMW, Samsung, and Boeing.

This security flaw is the second major flaw revealed in Microsoft’s core
Azure system in as many weeks. Last month, security experts at Wiz
described a database flaw that also would have allowed one Azure Cloud
customer to alter the data of another customer.

In both cases, Microsoft advised its customers that they may have been
affected by the security researchers' discovery of the flaw, rather than
acknowledging the holes in its own code.

“Out of an abundance of caution, notifications were sent to customers
potentially affected by the researcher activities,” Microsoft wrote on
Wednesday.

According to container security expert Ian Coldwater, who spoke with
Reuters, the problem reflected a failure on Microsoft’s part to apply
continual patches in a timely fashion.

“Keeping code updated is really important,” Coldwater said. “A lot of the
things that made this attack possible would no longer be possible with
modern software.”

Coldwater added that some security software used by cloud customers would
have been able to detect if malicious hackers exploited the flaw discovered
by the Palo Alto team and that logs would have also shown signs of any such
activity.