Microsoft Azure security flaw exploit could let hackers create a 'skeleton key'

Microsoft Azure could be vulnerable to attack from compromised computing systems, even those on-premises, new research has claimed.

A report from cybersecurity firm Varonis has discovered that an attacker can use a compromised on-premises IT environment to pivot and attack an organization's Azure environment.

Using a compromised PC as a stepping stone to move across a network and hack other targets is a tactic that cybercriminals frequently employ. Eric Saraga, a security researcher at Varonis, found that it was possible to manipulate an on-premises server known as an Azure agent to establish a backdoor and obtain user credentials from the cloud.

Saraga developed a proof-of-concept attack that exploits Azure's pass-through authentication, which installs an Azure agent on-premises that authenticates synced users from the cloud. This enabled him to create a form of 'skeleton key' password on an Azure agent.

Using this skeleton key, an attacker could escalate privileges to global admin to gain access to an organization's on-premises environment. This would allow the attacker to extract usernames and passwords from a company's Azure environment.

Skeleton key

Thankfully, Saraga's exploit can be blocked by using multi-factor authentication to secure a company's Azure accounts, as well as by actively monitoring its Azure agent servers.

This attack would also be difficult for cybercriminals to pull off as they would first need to hack into a corporate network.

It is also worth noting that this is an exploit as opposed to a vulnerability, so Microsoft won't be issuing a patch to fix it. The software giant responded to Varonis' report, saying:

“This report does not appear to identify a weakness in a Microsoft product or service that would enable an attacker to compromise the integrity, availability, or confidentiality of a Microsoft offering. For this issue, the attacker needs to compromise the machine first before they can take over the service.”

Since a patch isn't being developed, Saraga says that organizations should lock down their Azure environments by using multi-factor authentication to prevent falling victim to any potential attacks that leverage this exploit.

After getting his start at ITProPortal while living in South Korea, Anthony now writes about cybersecurity, web hosting, cloud services, VPNs and software for TechRadar Pro. In addition to writing the news, he also edits and uploads reviews and features and tests numerous VPNs from his home in Houston, Texas. Recently, Anthony has taken a closer look at standing desks, office chairs and all sorts of other work from home essentials. When not working, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.