Security News > 2020 > January > Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.
According to a report researchers shared with The Hacker News, the first security vulnerability is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.
According to researchers, this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.
Whereas, the second issue is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently take control over an enterprises' business code.
What's more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/DOJoQDcj9uY/microsoft-azure-vulnerabilities.html
Related news
- Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access (source)
- Microsoft fixes Windows Server performance issues from August updates (source)
- Ransomware gangs now abuse Microsoft Azure tool for data theft (source)
- VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation (source)
- Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)