The cloud-based computing service from Microsoft has been discovered to contain severe security weaknesses.
Leading cyber security specialist Check Point has uncovered two major security issues with Microsoft Azure. The weaknesses identified by security researchers at the firm could potentially be taken advantage of by cyber criminals to obtain access and gather sensitive data stored on any machines that are running Azure. Hackers can also exploit the flaws to take control of Microsoft Azure servers.
Security weakness in Microsoft Azure Stack
A software solution for cloud-based computing, Azure Stack was designed and produced by the tech giant to enable enterprises, from SMEs to international organisations, to employ their own company data centres to deliver users Azure services. The Redmond-based firm created the hybrid solution in order to give companies the capacity to start utilising cloud computing services on their own personalised terms, while empowering them to address both technical and business considerations effectively.
The first Azure security defect was identified in the Azure Stack solution. If exploited, the weakness would allow a hacker to acquire access to a variety of sensitive data, including user screenshots from machines using Azure.
Check Point’s specialist researchers were able to obtain sensitive information and take screenshots from both infrastructure machines and Azure tenants by capitalising on the security weakness. For the cybercriminal to take full advantage of the defect, however, they would need to acquire authorised access from the Azure Stack Portal first. With this level of access, the hackers would then be enabled to send out counterfeit HTTP requests.
Security flaw in the Microsoft Azure App
Developed by Microsoft to empower users with the ability to host and build back-ends for mobile, RESTful APIs and web apps in their chosen programming language without needing managing infrastructure. The Platform as a Service (PaaS) from Microsoft is fully managed and integrates Azure websites along with other offered services into on single service while including new capabilities to allow integration with cloud systems or on-premises.
The flaw identified by researchers over at Check Point in the Azure App revealed that a hacker could use the weakness to take total control of a whole Azure server. The cybercriminal would in effect then possess complete control of an organisation’s business code.
Check Point experts were able to show evidence that a cybercriminal could compromise Azure tenant data, accounts and application. The hacker would set up a free user account within the Azure Cloud, utilising it to run malicious operations in Azure. The specialist security firm revealed its findings to Microsoft who then collaborated with it on fixing the discovered Azure vulnerabilities. Complete patches for the security defect in Azure Stack and Azure app were both made available to prevent exploitation by hackers.
If your company uses Microsoft technology to its advantage, you can rely on our team for advice and support. Experts on business solutions from Microsoft, we’ll ensure your intranet is always running smoothly and securely with the very latest services available. Contact us here at WM Reply for streamlined support in your corner.