Microsoft warns of Azure vulnerability with data leak potential
Microsoft warned some of its Azure cloud computing customers that a flaw could have allowed hackers access to their data. A security researcher discovered the vulnerability several weeks ago.
The software giant's security response team claims to have fixed the flaw. Unremedied, the vulnerability could have allowed users to access other customers' information in the Azure Container Instances (ACI) service.
In a blog post, Microsoft claims its team did not find any evidence of malicious hackers abusing the vulnerability. As a safety precaution, the company advised some of its users to change their login credentials.
"The vulnerability is fixed, and our investigation surfaced no unauthorized access in other clusters," Microsoft's statement reads.
It's not the first time Azure services have run into security problems in recent months. At the start of August, a security researcher dubbed Wiz discovered a critical vulnerability within the Azure Cosmos database.
According to Reuters, Microsoft's blog post followed questions from Reuters about the technique described by Palo Alto, even though Microsoft did not answer any of the questions journalist sent.
In an earlier interview, Palo Alto researcher Ariel Zelivansky told Reuters his team had been able to break out of Azure's widely used system for so-called containers that store programs for users.
The Azure containers used code that had not been updated to patch a known vulnerability, he said. As a result, the Palo Alto team could get complete control of a cluster that included containers from other users.
Abused by a malicious actor, such vulnerability would allow unauthorized access of information and services supported by cloud services. Many global businesses use Azure services, including Airbus Defence and Space, BMW, Verizon, Uber, Chevron, and others.
Cloud experts have noted that the rapid transition to cloud spurred by the outbreak of COVID-19 and subsequent global self-isolation trend made some adopters cut costs on security.
More from CyberNews:
Subscribe to our newsletter