1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft fixes major Azure security flaw

    From TechnologyDaily@1337:1/100 to All on Thu Sep 9 15:15:04 2021
    Microsoft fixes major Azure security flaw

    Date:
    Thu, 09 Sep 2021 13:56:24 +0000

    Description:
    Microsofts failure to patch a known vulnerability could have enabled
    malicious users to access data in other Azure containers.

    FULL STORY ======================================================================

    Microsoft has contacted some users of its Azure cloud computing platform
    about a flaw that could have been exploited by hackers to access their data.

    In a blog post , the Microsoft Security Response Center (MSRC) explains that the vulnerability was discovered in Azure Container Instances (ACI), and
    could be abused by malicious users to access other customers information.

    In the post, MSRC repeatedly claims that it found no evidence that attackers had abused the technique, and it had only notified those customers whose accounts were accessed by the Palo Alto cybersecurity researchers who
    reported the flaw. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << We've built a list of
    the best cloud computing services available Check our roundup of the best cloud storage services These are the best endpoint protection tools

    There is no indication any customer data was accessed due to this vulnerability. Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities, asserts MSRC. Updating the cloud

    Palo Alto researcher Ariel Zelivansky told Reuters that demonstrating the potential dangers of the vulnerability had taken his team several months, and he agreed that its highly unlikely that threat actors would use a similar method in the real world.

    Apparently, the vulnerability existed only because Azure containers used code that had not been updated to patch a known vulnerability; an oversight which Zelivanskys team was able to capitalize on to get full control of a cluster that included containers from other users.

    "This is the first attack on a cloud provider to use container escape to control other accounts," said container security expert Ian Coldwater, who reviewed Palo Alto's work at Reuters' request.

    Coldwater said the problem reflected a failure to apply patches in a timely fashion, a situation that tech vendors like Microsoft often ask their customers to avoid.

    Notably, this is Microsofts second major vulnerability in its cloud computing platform, following the CosmosDB vulnerability late last month. Protect your devices with these best antivirus software

    Via Reuters



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-fixes-major-azure-security-flaw/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)