IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Azure Container Instances users urged to ​​revoke privileged credentials after flaw discovery

Microsoft says action needed "out of an abundance of caution" rather than as a response to a specific threat

Microsoft’s security team has urged Azure Container Instances (ACI) users to revoke any privileged credentials deployed to the platform prior to 31 August.

The advice comes as Palo Alto Networks discovered a vulnerability, which has since been fixed, within ACI which made it possible for hackers to ​​obtain user data.

Dubbed Azurescape, due to the escape method being uncovered in Microsoft’s Azure container as a service (CaaS) platform, said a spokesperson for Palo Alto Networks.

“This type of cross-account takeover represents a new attack vector that hackers can use to target cloud services. We expect that more vulnerabilities will be discovered that enable cross-account takeover,” the spokesperson told IT Pro.

Azurescape was discovered by Unit 42 researcher Yuval Avrahami, who reported it to Microsoft and was awarded “two bug bounties” for an undisclosed amount.

No evidence was found suggesting that the flaw was exploited, according to the Microsoft Security Response Center team.

“There is no indication any customer data was accessed due to this vulnerability. Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities, advising they revoke any privileged credential that were deployed to the platform before August 31, 2021,” they stated.

However, lack of evidence doesn’t exclude the chances that a data breach happened. Microsoft didn’t confirm whether it was confident no data had been accessed, according to Reuters.

The tech giant told ACI customers that if they hadn’t been notified, “no action is required”.

“If you are unsure whether your subscription or organisation has received a notification, please contact Azure Support. If you have any concerns, rotating privileged credentials is a good periodic security practice and would be an effective precautionary measure,” it added.

The advisory comes weeks after thousands of its Azure customers had their main databases compromised. Affected customers included some of the world's largest companies, according to cyber security researcher Wiz, and was dubbed “the worst cloud vulnerability you can imagine”.

Microsoft had since fixed the vulnerability, at the time saying that there was no evidence the flaw had been exploited. The tech giant had reportedly agreed to pay the security researchers $40,000 for finding the flaw and reporting it.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Why India wants to become a chipmaking powerhouse
components

Why India wants to become a chipmaking powerhouse

28 Jun 2022