Microsoft Azure security flaw exploit could let hackers create a 'skeleton key'

(Image credit: Everything Possible / Shutterstock)

Microsoft Azure could be vulnerable to attack from compromised computing systems, even on-premise, new research has claimed.

A report from cybersecurity firm Varonis has discovered that an attacker can use a compromised on-premises IT environment to pivot and attack an organization's Azure environment.

Using a compromised PC as a stepping stone to move across a network to hack other targets is a tactic that cybercriminals frequently employ and security researcher at Varonis, Eric Saraga found that it was possible to manipulate an on-premises server known as an Azure agent to establish a backdoor and obtain user credentials from the cloud.

Saraga developed a proof-of-concept attack that exploits Azure's pass-through authentication which installs an Azure agent on-premises that authenticates synced users from the cloud. This enabled him to create a form of 'skeleton key' password on an Azure agent.

Using this skeleton key, an attacker could escalate privileges to global admin to gain access to an organization's on-premises environment. This would allow the attacker to extract usernames and passwords from a company's Azure environment.

Skeleton key

Thankfully Saraga's exploit can be blocked by using multi-factor authentication to secure a company's Azure accounts as well as by actively monitoring its Azure agent servers.

This attack would also be difficult for cybercriminals to pull off as they would first need to hack into a corporate network.

Another thing worth noting is the fact that this is an exploit as opposed to a vulnerability so Microsoft won't be issuing a patch to fix it. The software giant responded to Varonis' report, saying:

“This report does not appear to identify a weakness in a Microsoft product or service that would enable an attacker to compromise the integrity, availability, or confidentiality of a Microsoft offering. For this issue, the attacker needs to compromise the machine first before they can take over the service.”

Since a patch isn't being developed, Saraga says that organizations should lock down their Azure environments by using multi-factor authentication to prevent falling victim to any potential attacks that leverage this exploit.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.