Security News > 2020 > January > Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.
According to a report researchers shared with The Hacker News, the first security vulnerability is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.
According to researchers, this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.
Whereas, the second issue is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently take control over an enterprises' business code.
What's more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/DOJoQDcj9uY/microsoft-azure-vulnerabilities.html
Related news
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Hackers steal 15,000 cloud credentials from exposed Git config files (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)