Microsoft has revealed that it has fixed a bug in its Azure Container Instances (ACI) service that may have allowed a user to access other customers’ information in the ACI.
ACI lets customers run applications in containers on Azure using virtual machines that are managed by Microsoft rather than managing their own.
ZDNet Recommends
The best cloud storage services
Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.
Read More
Researchers from Palo Alto Networks reported the security bug to Microsoft, which recently addressed the issue.
SEE: The CIO’s new challenge: Making the case for the next big thing
Microsoft said in a blogpost there was no indication any customer information was accessed due to the vulnerability — both in the cluster the researchers were using or in other clusters.
“Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data,” it said.
Nonetheless, it has told customers who received a notification from it via the Azure Portal to revoke any privileged credentials that were deployed to the platform before August 31, 2021.
Ariel Zelivansky, researcher at Palo Alto, told Reuters his team used a known vulnerability to escape Azure’s system for containers. Since it was not yet patched in Azure, this allowed them to gain full control of a cluster. Palo Alto reported the container escape to Microsoft in July.
Even without vulnerabilities, containerized applications, which are often hosted on cloud infrastructure, can be difficult to shield from attackers. The NSA and CISA recently issued guidance for organizations to harden containerized applications because their underlying infrastructure can be incredibly complex.
SEE: Open source matters, and it’s about more than just free software
Microsoft noted that among other things admins should revoke privileged credentials on a regular basis.
Microsoft disclosed a separate Azure vulnerability two weeks ago affecting customers running NoSQL databases on Azure, which provides the Cosmos DB managed NoSQL DB service. A critical flaw, dubbed ChaosDB, allowed an attacker to read, modify or delete databases.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
