Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation (Security News, June 2024)

Tenable thinks these tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules.
"We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.
In addition to that Microsoft cloud service, the vulnerability affects at least 10 other Azure services, we're told.
"Many customers are using Azure Service Tags to achieve network isolation," Matan told The Register.
Thus, we're led to believe, it's possible for one Azure user to control the HTTP requests an Azure service sends to another customer. If that other customer blindly trusts the request, because it comes from an address covered by a Service Tag, it reaches the victim's app, allowing the rogue user to potentially remotely control or monitor that app.
"When a service grants users the option to control server-side requests, and the service is associated with Azure Service Tags, things can get risky if the customer does not have additional layers of protection," Tenable warned.
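The "additional layers of protection" point above, as an added illustration that is not from the article, Tenable or Microsoft: a Service Tag firewall rule only checks the source address, so a request from another tenant's instance of the same service passes it, while a second check (here a constructed HMAC over the body with a shared secret) separates the expected caller from anyone else inside the tag's ranges. The CIDR, secret and traffic are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Constructed sample CIDR standing in for a Service Tag's published ranges
SERVICE_TAG_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed shared secret; assumption: the legitimate caller is configured
# to sign each request body with it
SHARED_SECRET = b"example-secret-do-not-use"


@dataclass
class Request:
    src_ip: str
    body: bytes
    signature: str = ""  # hex HMAC-SHA256 over body, empty when absent


def in_service_tag(src_ip: str) -> bool:
    """The network-layer check a Service Tag firewall rule performs."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in SERVICE_TAG_RANGES)


def allow_tag_only(req: Request) -> bool:
    """Weak policy: trust any request whose source is inside the tag."""
    return in_service_tag(req.src_ip)


def sign(body: bytes) -> str:
    return hmac.new(SHARED_SECRET, body, hashlib.sha256).hexdigest()


def allow_tag_plus_auth(req: Request) -> bool:
    """Hardened policy: the tag narrows the source, and the request must
    also prove it comes from the expected caller."""
    if not in_service_tag(req.src_ip):
        return False
    return hmac.compare_digest(sign(req.body), req.signature)


# Constructed traffic: a signed request from the expected caller, a request
# from another tenant's instance inside the same tag range whose contents
# that tenant controlled, and a request from outside the tag entirely
legit = Request("203.0.113.10", b"job=run", sign(b"job=run"))
rogue = Request("203.0.113.77", b"job=run&target=/admin")
outside = Request("198.51.100.5", b"job=run", sign(b"job=run"))

if __name__ == "__main__":
    for name, r in [("legit", legit), ("rogue", rogue), ("outside", outside)]:
        print(name, "tag-only:", allow_tag_only(r),
              "tag+auth:", allow_tag_plus_auth(r))
```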
News URL
https://go.theregister.com/feed/www.theregister.com/2024/06/05/tenable_azure_flaw/