Microsoft fixes major Azure security flaw
The second major Azure fix in as many month
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas contacted some users of its Azurecloud computingplatform about a flaw that could have been exploited by hackers to access their data.
In ablog post, the Microsoft Security Response Center (MSRC) explains that the vulnerability was discovered inAzureContainer Instances (ACI), and could be abused by malicious users to access other customers’ information.
In the post, MSRC repeatedly claims that it found no evidence that attackers had abused the technique, and it had only notified those customers whose accounts were accessed by the Palo Altocybersecurityresearchers who reported the flaw.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
Click here to start the survey in a new window«
“There is no indication any customer data was accessed due to this vulnerability. Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities,” asserts MSRC.
Updating the cloud
Palo Alto researcher Ariel Zelivansky toldReutersthat demonstrating the potential dangers of the vulnerability had taken his team several months, and he agreed that it’s highly unlikely that threat actors would use a similar method in the real world.
Apparently, the vulnerability existed only because Azurecontainersused code that had not been updated to patch a known vulnerability; an oversight which Zelivansky’s team was able to capitalize on to get full control of a cluster that included containers from other users.
“This is the first attack on a cloud provider to use container escape to control other accounts,” said container security expert Ian Coldwater, who reviewed Palo Alto’s work atReuters’request.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Coldwater said the problem reflected a failure to apply patches in a timely fashion, a situation that tech vendors like Microsoft often ask their customers to avoid.
Notably, this is Microsoft’s second major vulnerability in its cloud computing platform, following theCosmosDB vulnerabilitylate last month.
ViaReuters
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption
Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs
Anker Nebula Mars 3 review: A powerful and truly portable projector
