Security News > 2020 > January > Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.
According to a report researchers shared with The Hacker News, the first security vulnerability is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.
According to researchers, this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.
Whereas, the second issue is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently take control over an enterprises' business code.
What's more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/DOJoQDcj9uY/microsoft-azure-vulnerabilities.html
Related news
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft lost some customers’ cloud security logs (source)
- Microsoft creates fake Azure tenants to pull phishers into honeypots (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)