Security Alerts

Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Unauthorized Access

Microsoft Azure services, including Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins, were found to be vulnerable to server-side request forgery (SSRF) attacks. These vulnerabilities could have allowed an attacker to gain unauthorized access to cloud resources. Orca discovered the issues between October 8, 2022 and December 2, 2022, and Microsoft has since addressed them. Two of the vulnerabilities did not require any authentication to exploit, enabling a threat actor to take control of a server without having an Azure account. The flaws were rated Important in severity, except for the SSRF flaw impacting Azure Machine Learning, which was rated Low. Organizations are advised to validate all input, configure servers to allow only necessary inbound and outbound traffic, avoid misconfigurations, and adhere to the principle of least privilege.

Link

https://thehackernews.com/2023/01/microsoft-azure-services-flaws-couldve.html