Security News > 2022 > June > Azure issues not adequately fixed for months, complain bug hunters

Azure issues not adequately fixed for months, complain bug hunters
2022-06-14 13:30

Two security vendors - Orca Security and Tenable - have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January.

The Register hasn't seen Microsoft's mitigation.

The Tenable CEO's post details Microsoft's response to a privilege escalation flaw that researchers discovered could be exploited by anyone using Azure Synapse.

"Why did it take five months for Microsoft to mitigate a vulnerability in a core Azure service? It has yet to be answered," Shua lamented.

Regardless, specific to the critical tenant separation flaws in Microsoft's Azure Synapse, "We're talking about five months," he noted.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/14/security_azure_patch/