Posted on September 9, 2021 at 4:18 PM
Microsoft Notifies Azure Customers Of A Flaw That Could Invite Hackers
Tech giant Microsoft has published an advisory about a security flaw in Azure Container Instances (ACI) that could allow threat actors to steal customers’ data.
This publication comes only a few weeks after Microsoft patched a similar vulnerability in Cosmos DB that exposed data of many Fortune 500 companies.
In the latest development, the tech giant pointed out that security researchers at Palo Alto Networks discovered the flaw. After the researchers reported their findings, both firms collaborated to patch the flaw and inform affected customers.
While Microsoft didn’t reveal much in the advisory, it noted that the bug can enable a customer to have access to the data of another customer on the same network.
The company says it has already informed customers who are potential targets through Azure’s Service Health Notifications.
Microsoft also stated that there is no evidence that customers’ details have been accessed, but notifications have been sent so that customers can stay on the safe side.
Customers Asked To Apply Updates Regularly
In the notification, customers have been asked to activate the privilege credentials deployed on the platform. They should also configure Azure Service Health Alerts and follow ACI security baselines.
Customers have also been advised to stay up to date on vital security updates. They have also been asked to contact Azure if they have security-related questions. Microsoft has also asked Azure customers to change their login details as a security precaution.
Palo Alto researcher Ariel Zelivansky, during an interview with Reuters, stated that his research team succeeded in breaking out of Azure’s most commonly used system, especially for the containers that store users’ programs.
He added that the containers the team discovered used code that had not been updated against a known flaw.
During their research, the team was able to have full access to the clusters, which had containers of other Azure users. It means that the vulnerability is a critical one and can be exploited by other users to gain full control of another user’s account.
A First Of Its Kind To Utilize Container Escape
The researcher also admitted that the vulnerability has provided an opportunity for threat actors. He said that the research team was the first to use a container escape on a cloud provider to gain access to other users’ accounts.
Zelivansky added that the research took the security team several months to conclude, and they were only able to report their findings to Microsoft in July. In line with Microsoft’s assessment, the researcher also thinks the vulnerability has not been exploited in the wild.
The Increased Spate Of Flaws In Microsoft Azure
In the past, it has been difficult to find reports of vulnerabilities in Microsoft Azure. It could even go months before any bug was detected and reported. But this year alone, there have been several bug reports on Azure. The previous report and the latest discovery by the Palo Alto security team are only a few weeks apart.
Last month, security researchers at Wiz revealed a database vulnerability on the Microsoft Azure system that would have enabled a customer to make changes to another customer’s data.
The good news about the discovered bugs is the fact that they were not discovered by threat actors, but by security researchers. As a result, the company was able to develop a patch for the flaw before hackers could start exploring the networks.
In both cases, Microsoft concentrated on those that may have been exposed due to the activities of the researchers. As a result, the tech giant informed only those that may be at risk rather than everyone using the Azure system.
Sharing Security Responsibility
The researchers added that the issue is a result of the failure of some Microsoft customers to apply patches promptly. Microsoft has repeatedly stressed the same point, because a failure to apply updates could invite threat actors into their systems.
“A lot of the things that made this attack possible would no longer be possible with modern software,” the researchers stated. They added that there should be shared responsibility between customers and cloud providers for security.