Microsoft alerted some Azure cloud computing users that a vulnerability uncovered by security experts might have given hackers access to their data.
In a blog post from its security response team, Microsoft stated it had patched the issue identified by Palo Alto Networks and had no sign malicious attackers had exploited the technique. It further stated that certain users have been asked to change their login passwords as a preventive measure.
The blog post was in response to an inquiry from Reuters regarding Palo Alto’s technique. Microsoft refused to respond to any of the inquiries, including whether or not it was assured that no data had been accessed.
Palo Alto researcher Ariel Zelivansky told Reuters in a previous interview that his team had cracked Azure’s widely used platform for so-called containers, which store applications for users.
According to him, the Azure containers utilized code that had not been updated to address a known vulnerability. As a result, the Palo Alto team was finally able to gain entire authority over a group that comprised containers from other users.
Ian Coldwater, a longtime container security expert who evaluated Palo Alto’s work at the request of Reuters stated, “This is the first attack on a cloud provider to use container escape to control other accounts.”
In July, Palo Alto reported the problem to Microsoft. Zelivansky added it took his team several months to complete the project and agreed that malicious hackers were unlikely to apply a similar approach in real-world attacks.
Nonetheless, this is the second significant issue discovered in Microsoft’s fundamental Azure infrastructure in less than a month. Wiz security specialists revealed a database vulnerability in late August that would’ve let one client modify the data of another.
In both situations, Microsoft’s remarks were directed to customers who may have been harmed by the researchers’ work, rather than everyone who was put in danger by its own code.
Microsoft wrote, “Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher’s activities.”
According to Coldwater, the issue stemmed from a failure to deploy fixes on time, something Microsoft has frequently faulted on its customers. He said that certain cloud security tools would have identified malicious assaults similar to the one predicted by the security firm and that logs would also indicate evidence of such activity.
The research emphasized that security is a collective responsibility between cloud providers and clients.
Cloud architectures, according to Zelivansky, are typically safe, Microsoft and other cloud providers can make improvements themselves rather than relying on customers to do so.
He further added, cloud attacks by well-funded opponents such as sovereign governments, are a legitimate concern.