Researchers uncover major security issue in Microsoft Azure - here's what we know

A person at a laptop with a secure lock symbol floating above it.
(Image credit: Shutterstock / laymanzoom)

Microsoft’s Azure cloud platform carries a high-severity security vulnerability that could result in victim organizations unknowingly executing malware on their endpoints, experts have warned. 

Researchers from Vectra outlined the issue in a recent blog post, noting that the vulnerability lies in Azure Logs, a tool that - ironically enough - is used to track malicious activity in a cloud environment (among other things). While logs sound like something an Azure admin would only read - and not edit - there are some pieces of data the user has control over, such as user IDs, email addresses, message subjects, and similar. 

By injecting malicious data into the logs, the applications processing it could be tricked into executing malware, the researchers claim.

CSV Injection

“For example, one could submit a fake email address containing an XSS (Cross-Site Scripting) payload in an account signup form,” the research reads. “And the application administrator that opens this log in a browser may become the victim of an XSS attack.”

But there is another way to drop malware onto people’s devices - called CSV Injection. As Azure Logs can be downloaded as a CSV file (Comma Separated Values), it is possible for the file to contain an Excel formula that the program executes as the file is opened. Some formulas - you guessed it - could be malicious, forcing OS Command Execution and other exploits. “It can be hazardous not only because arbitrary commands can be run but also because users don't usually know about it, thinking that CSV files are just plain text files that cannot possibly cause any damage,” the report reads.

These vulnerabilities can be executed unauthenticated, the researchers concluded, suggesting that the attackers don’t need to have an account in the cloud environment. 

The good news is that the vulnerability doesn’t work on fully patched Excel instances, so make sure yours is up to date.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.