Security News > 2020 > October > Microsoft Azure Flaws Open Admin Servers to Takeover
Researchers have disclosed two flaws in Microsoft's Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers.
Azure App Services is an HTTP-based service for hosting web applications, and is available in both Microsoft Azure Cloud and on-premise installations.
Researchers found two vulnerabilities in the cloud service that specifically affect Linux servers.
"The two vulnerabilities we found allow us to combine them and enable any attacker with the ability to forge post requests or [remote] code execution on an Azure App Service to take over the Azure App Service administration server," said Paul Litvak, researcher with Intezer, in a Thursday post.
The first flaw stems from an open-source project called KuduLite within Azure App Services.
News URL
https://threatpost.com/microsoft-azure-flaws-servers-takeover/159965/
Related news
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)