Security News > 2020 > October > Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery attacks or execute arbitrary code and take over the administration server.
Azure App Service is a cloud computing-based platform that's used as a hosting web service for building web apps and mobile backends.
When an App Service is created via Azure, a new Docker environment is created with two container nodes - a manager node and the application node - along with registering two domains that point to the app's HTTP web server and the app service's administration page, which in turn leverages Kudu for continuous deployment of the app from source control providers such as GitHub or Bitbucket.
Azure deployments on Linux environments are managed by a service called KuduLite, which offers diagnostic information about the system and consists of a web interface to SSH into the application node.
After making available its security-focused IoT platform Azure Sphere earlier this year, it has also opened it up for researchers to break into the service with an aim to "Identify high impact vulnerabilities before hackers."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/j3LWp1ATnM4/microsoft-azure-vulnerability.html
Related news
- Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service (source)
- Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware (source)
- Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems (source)
- Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters (source)
- Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera (source)
- Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Ransomware gangs now abuse Microsoft Azure tool for data theft (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud (source)