On September 8, 2021, Microsoft warned its Azure (cloud computing) customers of a vulnerability. In essence, the flaw could have allowed hackers access to their data. Thankfully, Microsoft has claimed to have fixed the flaw. However, the technology giant notified its potentially vulnerable Azure customers to reset their login credentials as a precaution. It also asserted that, according to its internal investigation, customers' data had not been accessed without authorization.
Microsoft Acknowledged Palo Alto Networks
In a blog post, Microsoft thanked Palo Alto Networks, which first reported the flaw in July. It also assured its Azure customers that its security team had fixed the vulnerability, and said it had found no evidence that an unauthorized actor had accessed the data of its Azure customers.
Palo Alto Researcher Claims in an Interview with Reuters
Ariel Zelivansky, a researcher at Palo Alto, made some shocking claims in an interview with Reuters. He said that his team had succeeded in breaking out of the Azure system, an extensively used system for containers that store programs for users.
Explaining the details, he said that the Azure containers used code that had not been updated to patch a known vulnerability. Consequently, the Palo Alto team was able to take full control of clusters that included containers from other users.
The Second Major Flaw in Two Weeks
The report describes the second significant flaw in the Azure system to become apparent in two weeks. Late last month, security experts at Wiz discovered a database flaw that allowed them to access any customer database they wanted.
In both instances, Microsoft's acknowledgment focused on customers who might have been affected by the researchers themselves. Surprisingly, the tech giant did not accept that the flawed code put everyone at risk of compromise.
A long-serving container security expert, Ian Coldwater, believes that the problem reflects a failure to apply patches on time. It is perhaps intrinsic to the tech giant to blame its Azure customers instead of accepting responsibility. However, Microsoft can make updates itself instead of relying on customers to implement fixes. For Ian, it is essential to keep code updated, because modern software prevents many of the things that made this attack possible.
It is another compelling example of how a security flaw can, in some instances, open the way to complete compromise. With hackers well-equipped to defeat weak security measures, alongside well-funded rivals, including governments, it is time to take cybersecurity seriously.