
Microsoft Warns Azure Customers of Flaw That Could Have Permitted Hackers Access to Data


Microsoft warned some of its Azure cloud computing customers that a flaw discovered by security researchers could have allowed hackers access to their data.

In a blog post from its security response team, Microsoft said it had fixed the flaw reported by Palo Alto Networks and it had no evidence malicious hackers had abused the technique.

It said it had notified some customers they should change their login credentials as a precaution.

The blog post followed questions from Reuters about the technique described by Palo Alto. Microsoft did not answer any of the questions, including whether it was confident no data had been accessed.

In an earlier interview, Palo Alto researcher Ariel Zelivansky told Reuters his team had been able to break out of Azure’s widely used system for so-called containers that store programmes for users.

The Azure containers used code that had not been updated to patch a known vulnerability, he said.

As a result the Palo Alto team was able to eventually get full control of a cluster that included containers from other users.

“This is the first attack on a cloud provider to use container escape to control other accounts,” said longtime container security expert Ian Coldwater, who reviewed Palo Alto’s work at Reuters’ request.

Palo Alto reported the issue to Microsoft in July. Zelivansky said the effort had taken his team several months and he agreed that malicious hackers probably had not used a similar method in real attacks.

Still, the report is the second major flaw revealed in Microsoft’s core Azure system in as many weeks. In late August, security experts at Wiz described a database flaw that also would have allowed one customer to alter another’s data.

In both cases, Microsoft’s acknowledgment focused on those customers who might have been somehow affected by the researchers themselves, rather than everyone put at risk by its own code.

“Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities,” Microsoft wrote on Wednesday.

Coldwater said the problem reflected a failure to apply patches in a timely fashion, something Microsoft has often blamed its customers for.

“Keeping code updated is really important,” Coldwater said. “A lot of the things that made this attack possible would no longer be possible with modern software.”

Coldwater said that some security software used by cloud customers would have detected malicious attacks like the one envisioned by the security company, and that logs would also show signs of any such activity.

The research underscored the shared responsibility between cloud providers and customers for security.

Zelivansky said cloud architectures are generally safe, while Microsoft and other cloud providers can make fixes themselves, rather than rely on customers to apply updates.

But he noted that cloud attacks by well-funded adversaries, including national governments, are “a valid concern.”

© Thomson Reuters 2021



