Two serious vulnerabilities have been found in Microsoft Azure, which could compromise the Azure server. Utilizing these could lead to Microsoft Azure's enterprise customers at risk of targeted attacks.

Several vulnerabilities were found in Microsoft Azure

A few days ago, researchers at the IT security company Check Point reveal two serious vulnerabilities discovered in Microsoft Azure's various services. The companies that use Microsoft Azure in their web and mobile apps run the risk of being targeted by these vulnerabilities.

The first vulnerability (CVE-2019-1234) was found in Microsoft's hybrid cloud service Azure Stack, in the Azure Stack Portal interface. Hackers can access screenshots and sensitive information about the virtual machine that uses Azure.
One way to utilize CVE-2019-1234 is to use one spoofing attack. There is an uncertain API that can present sensitive information about the server computer. Using a non-authenticated HTTP request, screenshots can be taken. Examples of information may be the name and ID of the virtual machine as well as the number of processor cores and primary memory in its hardware.

The second vulnerability (CVE-2019-1372) was also found in Microsoft Azure Stack, this time in Azure App Service. If any hacker exploits this vulnerability, the hacker can gain full control over the entire Azure server and thus the code that companies use in their products.
CVE-2019-1372 can be utilized with the help of Remote Code Execution (RCE). By registering a free Azure Cloud account, you can then execute malicious code or send unauthenticated HTTP requests to the Azure Stack Portal user interface.

The vulnerabilities have been fixed by Microsoft

Since reporting vulnerabilities CVE-2019-1234 and CVE-2019-1372, Microsoft has been working to fix them. They were published after Microsoft blocked them. If these vulnerabilities had been exploited, Microsoft Azure's corporate customers could be exposed to targeted attacks, including data breaches.

Recently published Microsoft released a security update for January 2020, which addressed a number of vulnerabilities, including 'NSACrypt'. Have you installed the latest security updates in your infrastructure?

CYPRO offers several different security solutions. click here to book a free consultation.

By Ludwig Wideskär, CYPRO

SwedishEnglish