Currently, there is no evidence that this particular Azure vulnerability was exploited to gain unauthorized access to customer data.
In its latest blog post, Microsoft’s Security Response Center (MSRC) has warned Azure cloud computing users about a flaw in the system that allows hackers to access their data.
According to Microsoft, the flaw was reported by Palo Alto Networks’ security researchers and was identified in Azure Container Instances (ACI). ACI allows customers to run apps in containers on Azure through virtual machines, which Microsoft manages.
Were ACI Accounts Impacted?
The flaw could have allowed a user to access customers’ data stored in the ACI service. However, the company noted that there is currently no evidence that the flaw was exploited to gain unauthorized access to customer data.
“Out of an abundance of caution, we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal. If you did not receive a notification, no action is required with respect to this vulnerability,” Microsoft’s post read.
The Vulnerability is Fixed!
The software giant has mitigated the vulnerability and thanked Palo Alto Networks for notifying it about the flaw and collaborating with its team under Coordinated Vulnerability Disclosure (CVD).
“The vulnerability is fixed and our investigation surfaced no unauthorized access in other clusters. If you are unsure whether your subscription or organization has received a notification, please contact Azure Support.”
In July, Palo Alto Networks reported the vulnerability and confirmed that threat actors hadn’t exploited it in real attacks. However, Microsoft noted that it is crucial to revoke any privileged credentials that were deployed to the Azure cloud computing platform before 31 August 2021.
About Azure’s Widely Used Container System
Palo Alto Networks’ researcher Ariel Zelivansky stated that his team was able to break out of Azure’s container system, which stores programs for its users, by way of code that had not been updated to patch an already identified vulnerability.
As a result, Zelivansky and his team could obtain full control of a cluster that includes other users’ containers. Container security expert Ian Coldwater regards it as the first attack against a cloud provider to use a container escape to control other accounts.
“Keeping code updated is really important. A lot of the things that made this attack possible would no longer be possible with modern software,” Coldwater added.