Social networks
Awards
MVP:
2013 – 2016
WIMVP:
2017 – 2020
Tag Archives: Azure
Stolen AAD key allowed (Storm-0558) wide-ranging access to Microsoft cloud services
[German]Microsoft had to admit on begin of July 2023 that suspected Chinese hackers from the Storm-0558 group were able to forge security tokens using a stolen private MSA key. Then then gain broad access to Microsoft cloud services, as Wiz … Continue reading
Azure Virtual Desktop: Private Link available
[German]A small addendum for administrators of Microsoft's Azure Virtual Desktop: Redmond announced last week that so-called "private links" are now generally available in Azure Virtual Desktop. This should increase the security of connections to Azure Virtual Desktop instances. This is … Continue reading
Microsoft Azure outage (June 9, 2023); what's going on?
[German]Microsoft has been struggling with outages in its cloud services (Exchange Online, Outlook.com) for days. As of June 9, 2023, the services of Microsoft Azure (probably worldwide) were disrupted. May be technical in nature – but rumor persists that attackers … Continue reading
Azure Virtual Desktop: RDP connection issues due to SxSStackListener
[German]Anyone in the readership having issues with RDP connections to Azure Virtual Desktop (AVD) these days? It looks like a particular version of SxSStackListener is causing the problem. A user wrote a PowerShell script to determine the problematic version.
3 vulnerabilities discovered in MS Azure API management
[German]Security researchers from Israeli security vendor Ermetic have discovered three vulnerabilities in Microsoft's Azure API management. Two server-side request forgery (SSRF) vulnerabilities and an unrestricted file upload issue create risks for the Microsoft cloud environment. The vulnerabilities could be abused … Continue reading
Why ISL Online: Critical factors when choosing a remote desktop solution
[Sponsored Post]In the rapidly evolving IT world, choosing the right remote desktop software is critical for organizations that value security, ease of use and reliability. One provider of secure remote access that has been on the market since 2001 is ISL Online, which presents some considerations for choosing such software below. More ...
Bi(n)gBang: Microsoft Azure vulnerability allows Bing search hijacking and Office 365 data theft
[German]A nice case about the risk of the cloud. Microsoft 's Azure may have allowed a misconfiguration of some apps or services. As a result, attackers could potentially inject malicious code into Bing search results pages to manipulate them. It … Continue reading
Azure AD Connect (AADConnect) Bug Fix Update (August 2, 2022)
Quick note for administrators who have Azure AD Connect in use. As of August 2, 2022, the developers have probably released version 2.1.16.0. The reason for this release was a bug where auto-upgrade fails if the service account is in … Continue reading
Microsoft Azure: Hotfix 2 for FSLogix 2201 (2.9.8111.53415)
Microsoft has released hotfix 2 (2.9.8228.50276) for FSLogix 2201 in Microsoft Azure. This update for FSLogix 2201 includes fixes for mounting multi-session VHD files, cloud cache meta tracking files, and registry cleanup operations.
Azure: Container Escape Vulnerability (CVE-2022-30137) in Microsoft's Service Fabric Closed
[German]Security researchers from Palo Alto Networks have encountered a container escape vulnerability in Microsoft's Service Fabric, which they then named FabricScape. The vulnerability allowed container escapes in Microsoft's Service Fabric, which is commonly used with Azure. Palo Alto Networks has … Continue reading
Accusation: Microsoft patches Azure (Synapse Pwnalytics vulnerability) too slowly and endangers cloud security
[German]You occasionally hear "we are migrating to the cloud, to Microsoft Azure, Office 365, etc., Microsoft will make sure that patching is done and vulnerabilities are closed promptly". But cloud users are, for better or worse, dependent on Microsoft's goodwill … Continue reading