Microsoft has warned some of its Azure cloud computing customers that a flaw discovered by security researchers could have given hackers access to their data.
In a blog post from its security response team, Microsoft said it fixed the flaw reported by Palo Alto Networks and had no evidence that malicious hackers abused the technique.
He said he informed some customers that they needed to change their login credentials as a precaution.
The blog post followed questions from Reuters about the technique described by Palo Alto. Microsoft did not answer any of the questions, including whether it was certain that no data had been viewed.
In a previous interview, Ariel Zelivansky, a researcher at Palo Alto, told Reuters that his team had succeeded in breaking out of Azure’s widely used system for so-called containers that store programs for users.
Azure containers were using code that had not been updated to fix a known vulnerability, he said.
As a result, the Palo Alto team was finally able to gain full control of a cluster that included containers from other users.
“This is the first attack on a cloud provider to use container evasion to control other accounts,” said Ian Coldwater, longtime container security expert, who has reviewed Palo’s work. Viola at the request of Reuters. Palo Alto reported the issue to Microsoft in July. Zelivansky said the effort took his team several months, and he agreed that malicious hackers probably did not use a similar method in actual attacks.
Still, the report is the second major flaw revealed in Microsoft’s core Azure system in as many weeks. At the end of August, security experts at Wiz described a database flaw that also allegedly allowed one customer to modify another’s data.
In both cases, Microsoft’s recognition focused on customers who might have been affected in some way or another by the researchers themselves, rather than anyone put at risk by their own code.
“As a precaution, notifications have been sent to customers potentially affected by the activities of the researchers,” Microsoft wrote on Wednesday.
Coldwater said the issue reflected a failure to apply patches in a timely manner, which Microsoft has often criticized its customers for.
“Keeping the code up to date is really important,” said Coldwater. “A lot of the things that made this attack possible would no longer be possible with modern software. “
Coldwater said some security software used by cloud customers would have detected malicious attacks like the one envisioned by the security company, and logs would also show signs of such activity.
The study highlighted the shared responsibility between cloud providers and customers for security.
Zelivansky said cloud architectures are generally secure, while Microsoft and other cloud providers can patch themselves, rather than relying on customers to apply updates.
But he noted that attacks in the cloud by well-funded adversaries, including national governments, are “a valid concern.”
- Microsoft warns Azure customers of flaw that could have allowed hackers to access data
- Microsoft fixes a major security flaw in Azure
- Microsoft fixes a bug allowing hackers to take over Azure containers
- Microsoft warns customers that Azure Cosmos DB vulnerability has exposed their databases for years
- Former AWS veteran Charlie Bell to lead cybersecurity operations at Microsoft
- Azure users running Linux virtual machines should update their systems immediately
- Microsoft Azure virtual machines exploited to abandon Mirai, miners
- Microsoft shares tips on securing Azure Cosmos DB accounts
- Microsoft Says Azure Users Will Have To Fix These Worrisome Security Flaws On Their Own