Security researchers have identified a flaw towards Azure cloud, which threatens its customers about unauthorized hacker access through their data. This warning came from Microsoft themselves. The tech company said from their security team’s blog post that the flaw reported by Palo Alto Networks has already been fixed and worked on. They also added no evidence of abuse in this tactic coming from any malicious cyber attackers.
As a precaution, Microsoft informed some of their customers to change their login credentials. Some researchers questioned Microsoft about the detailed information sent by Palo Alto Networks, but they did not comment on any questions.
In recent interviews, Palo Alto researchers have told other researchers that their team could set in Azure’s system for user programs repository.
These containers of Azure operate on codes that were not updated to be able to patch attack exposures and vulnerabilities.
The team from Palo Alto has eventually got full control over a department that includes other user containers due to their investigation. They stated that this is the first cloud provider to be attacked, which uses container escape in controlling other user accounts.
Microsoft has received the report from Palo Alto last July this year. The Palo Alto researchers added to the narrative that the investigation has taken their team many months of effort and eventually agreed that any possible hackers had not implemented the same tactics with real attacks.
Nevertheless, this issue is the second crucial flaw discovered within Microsoft’s core Azure system within many weeks. Security researchers from Wiz have reported a database flaw that allowed one customer to manipulate other user data around late August this year.
From the two mentioned flaws, the acknowledgment of Microsoft is mainly fixated towards customers affected by the researcher’s investigations instead of those who were risked by their own codes. Moreover, Microsoft stated that they have sent alert notifications towards customers that may have been potentially affected by the activities and investigations of the researchers.
Researchers added that the problem mainly drills down to the failure of updating patches at the appropriate time and that Microsoft often blames their customers. Only if modern and updated software had been implemented beforehand, many attacks could have initially been avoided.
