{"id":42425,"date":"2021-09-09T13:00:50","date_gmt":"2021-09-09T13:00:50","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=c0b0c22cdecd316e7f2ede7ad12a1434"},"modified":"2021-09-09T13:00:50","modified_gmt":"2021-09-09T13:00:50","slug":"azure-container-instances-users-urged-to-%e2%80%8b%e2%80%8brevoke-privileged-credentials-after-flaw-discovery","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/azure-container-instances-users-urged-to-%e2%80%8b%e2%80%8brevoke-privileged-credentials-after-flaw-discovery\/","title":{"rendered":"Azure Container Instances users urged to \u200b\u200brevoke privileged credentials after flaw discovery"},"content":{"rendered":"


\n Sabina Weston<\/a><\/span>
\n <\/span><\/p>\n

\n
\n
9 Sep, 2021<\/span><\/div>\n<\/p><\/div>\n<\/div>\n

\n<\/a><\/p>\n

\n

Microsoft<\/a>\u2019s security<\/a> team has urged Azure Container Instances (ACI<\/span>) users to revoke any privileged credentials deployed to the platform prior to 31 August.<\/p>\n

The advice comes as Palo Alto Networks<\/a> discovered a vulnerability<\/a>, which has since been fixed, within ACI<\/span> which made it possible for hackers<\/a> to \u200b\u200bobtain user data.<\/p>\n

Dubbed Azurescape<\/span>, due to the escape method being uncovered in Microsoft\u2019s Azure container as a service (CaaS<\/span>) platform, said a spokesperson for Palo Alto Networks.<\/p>\n

\u201cThis type of cross-account takeover represents a new attack vector that hackers can use to target cloud services. We expect that more vulnerabilities will be discovered that enable cross-account takeover,\u201d the spokesperson told IT Pro<\/em>.<\/p>\n

Azurescape<\/span> was discovered by Unit 42 researcher Yuval<\/span> Avrahami<\/span>, who reported it to Microsoft and was awarded \u201ctwo bug bounties\u201d for an undisclosed amount.<\/p>\n

No evidence was found suggesting that the flaw was exploited, according to the Microsoft Security Response Center<\/span> team.<\/p>\n

\u201cThere is no indication any customer data was accessed due to this vulnerability. Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities, advising they revoke any privileged credential that were deployed to the platform before August 31, 2021,\u201d they stated.<\/p>\n

However, lack of evidence doesn\u2019t exclude the chances that a data breach happened. Microsoft didn\u2019t confirm whether it was confident no data had been accessed, according to Reuters<\/a>.<\/p>\n

The tech giant told ACI<\/span> customers that if they hadn\u2019t been notified, \u201cno action is required\u201d.<\/p>\n

\u201cIf you are unsure whether your subscription or organisation has received a notification, please contact Azure Support. If you have any concerns, rotating privileged credentials is a good periodic security practice and would be an effective precautionary measure,\u201d it added.<\/p>\n

The advisory comes weeks after thousands of its Azure customers had their main databases compromised<\/a>. Affected\u00a0customers included some of the world’s largest companies, according to cyber security researcher Wiz<\/a>, and was dubbed \u201cthe worst cloud vulnerability you can imagine\u201d.<\/p>\n

Microsoft had since fixed the vulnerability, at the time saying that there was no evidence the flaw had been exploited. The tech giant had reportedly agreed to pay the security researchers $40,000 for finding the flaw and reporting it. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

Sabina Weston<\/p>\n

9 Sep, 2021 <\/p>\n

Microsoft\u2019s security team has urged Azure Container Instances (ACI) users to revoke any privileged credentials deployed to the platform prior to 31 August.
\nThe advice comes as Palo Alto Networks…<\/p>\n","protected":false},"author":627,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-42425","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/627"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=42425"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42425\/revisions"}],"predecessor-version":[{"id":42426,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42425\/revisions\/42426"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=42425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=42425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=42425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}