Microsoft warns Azure customers of flaw that could have allowed hackers to access data
In a blog post from its security response team, Microsoft said it fixed the flaw reported by Palo Alto Networks and had no evidence that malicious hackers abused the technique.
It said it had informed some customers that they needed to change their login credentials as a precaution.
The blog post followed questions from Reuters about the technique described by Palo Alto. Microsoft did not answer any of the questions, including whether it was certain that no data had been viewed.
In a previous interview, Ariel Zelivansky, a researcher at Palo Alto, told Reuters that his team had succeeded in breaking out of Azure’s widely used system for so-called containers that store programs for users.
Azure containers were using code that had not been updated to fix a known vulnerability, he said.
As a result, the Palo Alto team was finally able to gain full control of a cluster that included containers from other users.
“This is the first attack on a cloud provider to use container evasion to control other accounts,” said Ian Coldwater, a longtime container security expert who reviewed Palo Alto’s work at the request of Reuters.
Palo Alto reported the issue to Microsoft in July. Zelivansky said the effort took his team several months and agreed that malicious hackers probably did not use a similar method in actual attacks.
Still, the report is the second major flaw revealed in Microsoft’s core Azure system in as many weeks. At the end of August, security experts at Wiz described a database flaw that also allegedly allowed a customer to modify the data of others.
In both cases, Microsoft’s acknowledgment focused on customers who might have been affected in some way by the researchers themselves, rather than anyone put at risk by its own code.
“As a precaution, notifications have been sent to customers potentially affected by the activities of the researchers,” Microsoft wrote on Wednesday.
Coldwater said the issue reflected a failure to apply patches in a timely manner, which Microsoft has often criticized its customers for.
“Keeping the code up to date is really important,” said Coldwater. “A lot of the things that made this attack possible would no longer be possible with modern software.”
Coldwater said some security software used by cloud customers would have detected malicious attacks like the one envisioned by the security company, and logs would also show signs of such activity.
The study highlighted the shared responsibility between cloud providers and customers for security.
Zelivansky said cloud architectures are generally secure, and that Microsoft and other cloud providers can apply fixes themselves rather than relying on customers to apply updates.
But he noted that cloud attacks by well-funded adversaries, including national governments, are “a valid concern.”