
Microsoft Azure was at the mercy of cybercriminals

A Microsoft Azure configuration error could have given attackers a way into virtual machines and cloud-based storage buckets.

The vulnerability in the service, which the Redmond firm describes as a comprehensive and ever-expanding set of cloud computing services, was reported by Threatpost based on reports from CyberArk.

The research traced the flaw to URL parsing within a JavaScript file used in the Azure extension manifest, as explained by Omer Tsarfati, a computer security researcher.

A manifest, Threatpost explained, is a JavaScript Object Notation (JSON) configuration file, that is, a lightweight format for storing and transporting data sent from a server to a page on the internet, which defines the configuration to be used by web applications.

During their analysis, experts noted "telemetry reports sent to a non-existent domain and that most of those telemetry requests include access tokens."

In particular, access tokens are "objects that describe the security context of a process or thread," as defined by Microsoft. "The information in a token includes the identity and privileges of the user account associated with the process or the thread," added Threatpost.

The same outlet reported that CyberArk created two proof-of-concept (PoC) exploits against the vulnerability in order to gain control of users' access tokens.

"Both take advantage of the error made by Microsoft in the manifest code of their Azure portal (...) The error caused Azure to try to connect to a non-existent hostname, urehubs," they detailed.

According to CyberArk, the bug dates back to September 6, 2019, but Microsoft unintentionally fixed it two weeks later as part of a regular platform update.

"With three lines of code, it closed the door on hackers (...). Microsoft managed to mitigate the vulnerability by ensuring that the URL is not just the path, but a full valid URL," the IT security firm detailed.
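The mitigation described above (accept only a full, valid URL, never a bare path) can be checked mechanically in a manifest-style JSON file. The following is an added example, not CyberArk's or Microsoft's code; the manifest field names, hostnames, allowlist and portal origin are constructed assumptions. It reports the host a standard URL parser would resolve each path-like value to.

```javascript
// Added example: audit endpoint values in a manifest-style JSON config.
// Field names, hostnames, the allowlist and the origin are constructed.
const ALLOWED_HOSTS = new Set(["telemetry.example.com"]); // assumption

// Classify one configured endpoint value against the "full valid URL" rule.
function checkEndpoint(value, pageOrigin) {
  let abs;
  try {
    abs = new URL(value); // parses only when the value carries its own scheme
  } catch {
    // Not absolute: report the host a browser would resolve it to instead.
    let resolvedHost = null;
    try {
      resolvedHost = new URL(value, pageOrigin).host;
    } catch { /* not parseable even relative to the page */ }
    return { ok: false, reason: "not-absolute", resolvedHost };
  }
  if (abs.protocol !== "https:")
    return { ok: false, reason: "not-https", resolvedHost: abs.host };
  if (!ALLOWED_HOSTS.has(abs.hostname))
    return { ok: false, reason: "host-not-allowed", resolvedHost: abs.host };
  return { ok: true, reason: "ok", resolvedHost: abs.host };
}

// Walk a parsed manifest; check every string whose key ends in "url" or "uri".
function auditManifest(node, pageOrigin, path = "") {
  const findings = [];
  for (const [key, val] of Object.entries(node)) {
    const field = path ? `${path}.${key}` : key;
    if (val !== null && typeof val === "object") {
      findings.push(...auditManifest(val, pageOrigin, field));
    } else if (typeof val === "string" && /ur[il]$/i.test(key)) {
      const result = checkEndpoint(val, pageOrigin);
      if (!result.ok) findings.push({ field, value: val, ...result });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real portal).
const PORTAL_ORIGIN = "https://portal.example.com";
const SAMPLE_MANIFEST = {
  name: "sample-extension",
  telemetry: { endpointUrl: "//hubs-telemetry/v1/events" }, // path-like value
  assets: { scriptUrl: "/content/main.js", iconUri: "http://telemetry.example.com/i.png" },
  reporting: { collectorUrl: "https://telemetry.example.com/v1/events" }, // passes
};

for (const f of auditManifest(SAMPLE_MANIFEST, PORTAL_ORIGIN))
  console.log(`${f.field}: ${f.reason}, request would go to ${f.resolvedHost}`);
```

A value beginning with `//` is scheme-relative, so the parser treats its first segment as the hostname; that is why the first finding names a host that appears nowhere in the allowlist.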

Threatpost concluded that the researchers emphasized that the vulnerability serves as a precedent for other potential bugs in the cloud, which is why companies need to be vigilant when relying on third-party infrastructure and security.

"Cloud services are excellent options for many companies. However, relying on someone else's infrastructure depends on the security measures of a third party, which can be a risky practice," Tsarfati reflected.
