Microsoft alerts Azure customers to a flaw that could have allowed hackers access to data

Microsoft has warned some of its Azure cloud computing customers that a flaw discovered by security researchers could have allowed hackers to access their data.

In a blog post from its security response team, Microsoft said it fixed the flaw reported by Palo Alto Networks and had no evidence that malicious hackers abused the technique.

He said he notified some customers that they should change their login credentials as a precaution.

The blog post followed Reuters questions about the technique described by Palo Alto. Microsoft did not respond to any of the questions, including whether it was certain that no data was accessed.

In a previous interview, Palo Alto researcher Ariel Zelivansky told Reuters that his team managed to break Azure’s widely used system into so-called containers that store programs for users.

Azure containers used code that hasn’t been updated to fix a known vulnerability, he said.

As a result, the Palo Alto team was able to gain full control of a cluster that included other users’ containers.

“This is the first attack on a cloud provider to use container leakage to control other accounts,” said container security expert Ian Coldwater, who reviewed Palo Alto’s work at the request of Reuters.

Palo Alto reported the issue to Microsoft in July. Zelivansky said the effort took several months for his team and he agreed that malicious hackers probably didn’t use a similar method in real attacks.

Still, the report is the second major flaw revealed in the core of Microsoft’s Azure system in just a few weeks. In late August, security experts at Wiz described a database flaw that would also have allowed one customer to alter another’s data.

In both cases, Microsoft’s recognition has focused on customers who may have been somehow affected by the researchers themselves, rather than everyone put at risk by their own code.

“As a precaution, notifications were sent to customers potentially affected by the researcher’s activities,” Microsoft wrote on Wednesday.

Coldwater said the problem reflects a failure to apply patches in a timely manner, something Microsoft always blames its customers for.

“Keeping the code up to date is very important,” said Coldwater. “Many of the things that made this attack possible would no longer be possible with modern software.”

Coldwater said some security software used by cloud customers would have detected malicious attacks as predicted by the security company, and that the logs would also show signs of such activity.

The survey highlighted the shared responsibility between cloud providers and customers for security.

Zelivansky said cloud architectures are generally secure, while Microsoft and other cloud providers can make fixes themselves, rather than relying on customers to apply updates.

But he noted that attacks on the cloud by well-funded adversaries, including national governments, are “a valid concern.”

They said they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, alter or delete millions of records.

Alerted by Wiz, Microsoft quickly fixed a configuration error that would make it easier for any Cosmos user to get into other customers’ databases, then notified some users on Thursday to change their keys.

© Thomson Reuters 2021


Leave a Comment