Azure Red Flag: Microsoft Accidentally Fixes Cloud Config ‘Bug’
UPDATE. Researchers are shedding light on a Microsoft Azure misconfiguration bug that leaked sensitive access tokens, which could have given hackers access to virtual machine instances and cloud-based storage buckets.
CyberArk said it found the bug in September and that Microsoft "unintentionally" fixed it within two weeks as part of a regular update to its Azure platform.
Researchers said the Microsoft Azure Portal bug is tied to URL parsing within a JavaScript file used within Azure's Extension Manifest.
The Microsoft Azure Portal is a unified, web-based console for building, managing and monitoring cloud infrastructure.
"In this vulnerability in Microsoft Azure, attackers could take over Azure Accounts by exploiting a misconfiguration bug in Azure Portal's manifest," wrote Omer Tsarfati, a cyber security researcher at CyberArk. "Microsoft ended up fixing this bug, unintentionally, before we could officially report it to them."