Microsoft has patched a severe Azure problem that exposed client information
Microsoft has patched a flaw in the Azure Automation service that may have enabled intruders to take full control of data belonging to other Azure users. Process automation, configuration management, and update management are all available through Microsoft Azure Automation Service, with each scheduled job executing in its own isolated sandbox for each Azure client.
An adversary may take other Azure customers’ Managed Identities authentication tokens from an internal server that administers other users’ sandboxes, thanks to the vulnerability, called AutoWarp by Orca Security’s Cloud Security Researcher Yanir Tsarimi, who identified it. “Someone with evil intent could’ve continued to gather tokens, expanding the assault to more Azure customers with each token,” Yanir Tsarimi said.
“Depending on the permissions provided by the customer, this attack could result in complete control over the targeted account’s resources and data.” “We uncovered huge organizations at risk (including a multinational telecommunications company, two automobile manufacturers, a financial conglomerate, the Big Four accounting firms, and others).”
This issue affects Azure Automation accounts that have the Managed Identity feature activated (toggled on by default, according to Tsarimi)…
