Microsoft announced on 8th September that it has fixed a vulnerability in its Azure container Instances (ACI). This vulnerability could allow an attacker to execute arbitrary commands on other users’ containers and steal customer secrets and images deployed to the platform.
The company did not open up much about the vulnerability. However, they advised their attacked customers to revoke any important credentials they had deployed to the platform before August 31, 2021.
The vulnerability has been named “Azurescape” by the Palo Alto Networks’ Unit 42 threat intelligence team. Azurescape allows an attacker to execute code remotely in ACI. Azure Container Instances allow to run Docker containers in a serverless cloud environment, without the use of virtual machines, clusters, or orchestrators.
The researchers noted that the exploit was possible due to an outdated version of the container runtime (ACI v1.0.0-rc2) that allowed the exploitation of a vulnerability known as CVE-2019-5736.
In response to the attack, Microsoft notified customers using the same Kubernetes cluster as the malicious container created by Palo Alto Networks for demonstrative purposes to exhibit the attack. Approximately 100 customer pods and 120 nodes were hosted on that cluster.
However, the company revealed that it did not find evidence of unauthorized access to the customer data.
This issue is the second flaw in a couple of weeks that have affected Microsoft’s Azure cloud platform. The first was a critical database flaw known as the Cosmos database flaw that could have given any user administrator full access to other users’ database instances.
Unit 42 researchers Yuval Avrahami and Zelivansky emphasized the importance of securing the cloud infrastructure through a comprehensive “defense-in-depth approach.” It should include continuous monitoring for threats and allow external researchers to study the environment for potential vulnerabilities.
“Discovery of Azurescape also underscores the need for cloud service providers to provide adequate access for outside researchers to study their environments, searching for unknown threats,” Unit 42 researchers Ariel Zelivanky and Yuval Avrahami said.
