Next Azure container vulnerability allowed data theft

Microsoft issued a warning to its Azure customers about a security vulnerability that could have allowed hackers to access data. The punchline: it involved containers whose code had a known vulnerability that had not been patched. Microsoft has now updated the programs. This is the second case within a few days in which serious vulnerabilities in Azure containers became public.


I can't help it, I'm sitting here laughing to myself. On-premises was yesterday; "we're moving into the cloud" is the strategy of many companies and their management. It's scalable, administration and patching are provided by the cloud provider, and the administrators that "we" needed for our on-premises solutions are obsolete – so goes the argument in management – at least, that's my impression. Then, when I checked the blog for today's post, I realized that the same or similar problems as with on-premises solutions are raining down on people's feet in the cloud. It was only at the end of August that I reported on a serious vulnerability in the Azure environment in the blog post "Azure: Thousands of customers threatened by ChaosDB vulnerability in Azure Cosmos DB". Now comes the next security incident for Microsoft's Azure.

Microsoft warns Azure customers of new vulnerability

The company is warning customers about a new vulnerability that could have allowed data theft. Recently, Microsoft fixed a vulnerability in Azure Container Instances (ACI) that allowed users to access other customers' information in the ACI service. This vulnerability was reported to Microsoft by a security researcher.

The MS security team is trying to play it down, writing that its internal investigation found no unauthorized access to customer data. However, security researcher Kevin Beaumont sums it up in the following tweet: "The Azure security model is based on the principle of hope that security researchers will report the vulnerabilities".

Azure Container vulnerability

Microsoft states that, out of an abundance of caution, it is notifying customers whose containers ran on the same clusters as the security researchers' about this vulnerability via Service Health Notifications in the Azure portal. Those who have not received a notification do not need to take any action related to this vulnerability. In this article, Microsoft provides guidance on what affected customers should do.


Palo Alto discovers vulnerability

Security researcher Ariel Zelivansky of Palo Alto came across the vulnerability and told Reuters a bit more about this case (Microsoft remained tight-lipped when asked by Reuters). The security researcher told Reuters that his team managed to crack the Azure system for containers that store programs for users.

The affected Azure containers used code that contained a known vulnerability, and Microsoft failed to update that code in the Azure container to address that vulnerability. As a result, the Palo Alto team was eventually able to gain full control of a cluster that contained containers from other users.

Palo Alto on Azure Container vulnerability

There's the elephant in the room: we migrate to the cloud, and the cloud provider does the patching. But what if the cloud provider fails? To be fair, it has to be said that Microsoft patched after the hint from Palo Alto. Kevin Beaumont put it in a nutshell in the above tweet with a text excerpt of the Reuters article and a small picture – no more to say. If needed, you can read the details in the linked articles from Microsoft and Reuters.
