Security News > 2020 > March > Azure Red Flag: Microsoft Accidentally Fixes Cloud Config ‘Bug’
UPDATE. Researchers are shedding light on a Microsoft Azure misconfiguration bug that leaked sensitive access tokens, which could have given hackers access to virtual machine instances and cloud-based storage buckets.
According to CyberArk, it found the bug in September and Microsoft "Unintentionally" fixed it within two weeks as part of a regular update to its Azure platform.
Researchers said the Microsoft Azure Portal bug is tied to URL parsing within a JavaScript file used within Azure's Extension Manifest.
The Microsoft Azure Portal is a web-based and unified console for building, managing and monitoring cloud infrastructure.
"In this vulnerability in Microsoft Azure, attackers could take over Azure Accounts by exploiting a misconfiguration bug in Azure Portal's manifest," wrote Omer Tsarfati, a cyber security researcher at CyberArk. "Microsoft ended up fixing this bug, unintentionally, before we could officially report it to them."
News URL
Related news
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- CISA orders federal agencies to secure their Microsoft cloud environments (source)