Info-tech

Microsoft warns Azure customers of flaw that could have permitted hackers access to data

Reuters San Francisco | Updated on September 09, 2021

Flaw reported by Palo Alto Networks

Microsoft warned some of its Azure cloud computing customers that a flaw discovered by security researchers could have allowed hackers access to their data.

In a blog post from its security response team, Microsoft said it had fixed the flaw reported by Palo Alto Networks and it had no evidence malicious hackers had abused the technique.

It said it had notified some customers they should change their login credentials as a precaution.

The blog post followed questions from Reuters about the technique described by Palo Alto. Microsoft did not answer any of the questions,including whether it was confident no data had been accessed.

Palo Alto team’s findings

In an earlier interview, Palo Alto researcher Ariel Zelivansky told Reuters his team had been able to break out of Azure’s widely used system for so-called containers that store programmes for users.

The Azure containers used code that had not been updated to patch a known vulnerability, he said.

As a result the Palo Alto team was able to eventually get full control of a cluster that included containers from other users.

Palo Alto reported the issue to Microsoft in July. Zelivansky said the effort had taken his team several months and he agreed that malicious hackers probably had not used a similar method in real attacks.

Still, the report is the second major flaw revealed in Microsoft’s core Azure system in as many weeks. In late August, security experts at Wiz described a database flaw that also would have allowed one customer to alter another’s data.

Published on September 09, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like