Microsoft Azure fixes critical security bug that put user data at risk


A serious security flaw in Microsoft Azure, which could have allowed threat actors to steal customer data and identity information, has been discovered and patched.

Orca Security cybersecurity researcher Yanir Tsarimi found a flaw in Azure Automation, a service that automates various processes and helps with configuration management and updates, all of which run inside isolated sandboxes.

Tsarimi dubbed the flaw AutoWarp, and claims it allows threat actors to steal Azure customers’ Managed Identities authentication tokens from an internal server endpoint.


Large companies at risk

"Someone with malicious intentions could've continuously grabbed tokens, and with each token, widen the attack to more Azure customers," Tsarimi said. 

"This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer. We discovered large companies at risk (including a global telecommunications company, two car manufacturers, a banking conglomerate, big four accounting firms, and more)."

All Azure Automation customers who’ve had the Managed Identity feature enabled (which seems to be plenty, given that the feature was toggled on by default) were impacted by the flaw, Tsarimi added.

Microsoft says it fixed the issue in early December 2021 by blocking access to auth tokens for all sandboxes except the one that had legitimate access.

But the work took Microsoft four days to complete, with the company noting that, "Automation accounts that use an Automation Hybrid worker for execution and/or Automation Run-As accounts for access to resources were not impacted."

Although Microsoft says there was no evidence of the flaw being exploited in the wild, it still notified all of the affected companies, and outlined a set of recommended security practices.

Azure is the world’s second-largest cloud service provider, right behind Amazon’s AWS. It currently holds around 21% of the global cloud market share.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.