Thursday, October 22, 2020

Microsoft Azure Cloud Bugs Let Hackers Compromise Azure Cloud Servers

Critical remote code execution and spoofing vulnerabilities that existed in the Microsoft Azure cloud infrastructure allowed attackers to remotely exploit them and compromise Azure cloud servers.

Researchers from Check Point found a spoofing vulnerability in Azure Stack, where certain requests fail to be validated.

Microsoft Azure Stack is a hybrid cloud platform that enables you to use Azure services from your company or service provider datacenter.

Attackers can take advantage of this vulnerability to exploit the Azure Stack user portal by sending a specially crafted request.

The Check Point researchers who discovered this SSRF vulnerability took a deep dive into the Azure cloud and discussed the vulnerability in detail in their own write-up.

Attackers who successfully exploit this vulnerability can take screenshots of sensitive information from machines running in the Microsoft Azure cloud.

Microsoft fixed this vulnerability (CVE-2019-1234) and issued a security update changing how Azure Stack handles certain requests.

Azure Stack Remote Code Execution vulnerability

Researchers also discovered a critical remote code execution vulnerability in Azure App Service that lets an unprivileged function run by the user execute code in the context of NT AUTHORITY\SYSTEM, escaping the sandbox.

Azure App Service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice, without managing infrastructure.

The vulnerability was found in DWASSVC, a service responsible for managing and running tenant applications. Once exploited, it allowed attackers to execute code as NT AUTHORITY\SYSTEM.

According to Check Point Research: “Exploiting this vulnerability in all of the plans could allow us to compromise Microsoft’s App Service infrastructure. However, exploiting it specifically on a Free/Shared plan could also allow us to compromise other tenant apps, data, and accounts! Thus breaking the security model of App Service.”

Check Point disclosed the technical details of how they found this vulnerability, along with the architecture and attack vectors, in their write-up.

Microsoft fixed the vulnerability (CVE-2019-1372) and issued a security update that addresses the vulnerability by ensuring that Azure Stack sanitizes user inputs.
