Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) service that could have been exploited by a malicious actor “to access other customers’ information” in what the researchers described as the “first cross-account container takeover in the public cloud.”

An attacker exploiting the weakness could execute malicious commands on other users’ containers and steal customer secrets and images deployed to the platform. The Windows maker didn’t share any additional specifics about the flaw, save that affected users should “revoke any privileged credentials that were deployed to the platform before August 31, 2021.”

Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators.

Palo Alto Networks’ Unit 42 threat intelligence team dubbed the vulnerability “Azurescape,” referring to how an attacker could leverage the cross-tenant technique to escape their rogue ACI container, escalate privileges over a multitenant Kubernetes cluster, and take control of affected containers by executing malicious code.

Breaking out of the container, the researchers said, was made possible by an outdated container runtime used in ACI (runC v1.0.0-rc2), which allowed CVE-2019-5736 (CVSS score: 8.6) to be exploited to escape the container and gain code execution with elevated privileges on the underlying host.

Microsoft said it notified select customers with containers running on the same Kubernetes cluster as the malicious container created by Palo Alto Networks to demonstrate the attack. The cluster is said to have hosted 100 customer pods and about 120 nodes, with the company stating it had no evidence that bad actors had abused the flaw to carry out real-world intrusions, adding that its investigation “surfaced no unauthorized access to customer data.”

The disclosure is the second Azure-related flaw to come to light in a span of two weeks, the first being a critical Cosmos DB flaw that could potentially have been exploited to grant any Azure user full admin access to other customers’ database instances without any authorization.

“This discovery highlights the need for cloud users to take a ‘defense-in-depth’ approach to securing their cloud infrastructure that includes continuous monitoring for threats — inside and outside the cloud platform,” Unit 42 researchers Ariel Zelivansky and Yuval Avrahami said. “Discovery of Azurescape also underscores the need for cloud service providers to provide adequate access for outside researchers to study their environments, searching for unknown threats.”