Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been exploited by a malicious actor "to access other customers' information" in what the researcher described as the "first cross-account container takeover in the public cloud."
An attacker exploiting the weakness could execute malicious commands on other users' containers and steal customer secrets and images deployed to the platform. The Windows maker did not share any additional specifics related to the flaw, save that affected customers "revoke any privileged credentials that were deployed to the platform before August 31, 2021."
Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators.
Palo Alto Networks' Unit 42 threat intelligence team dubbed the vulnerability "Azurescape," referring to how an attacker can leverage the cross-tenant technique to escape their rogue ACI container, escalate privileges over a multitenant Kubernetes cluster, and take control of affected containers by executing malicious code.
Breaking out of the container, the researchers said, was made possible because of an outdated container runtime used in ACI (runC v1.0.0-rc2), thereby making it possible to exploit CVE-2019-5736 (CVSS score: 8.6) to escape the container and gain code execution with elevated privileges on the underlying host.
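As an added defender-side example (not code from the article, Microsoft or Unit 42), the helper below audits the two remediation points raised above: it ranks runC version strings so release candidates such as the rc2 build used in ACI sort correctly against the CVE-2019-5736 fix release, and it lists credentials deployed before Microsoft's August 31, 2021 revocation cutoff. The fixed release (1.0.0-rc6) is taken from the runC advisory for the CVE, not from this article; the host and credential inventory is constructed.

```python
"""Added audit helpers (not from the article or Unit 42): flag runC builds still
exposed to CVE-2019-5736 and ACI credentials deployed before Microsoft's cutoff."""
import re
from datetime import date

# runC shipped the CVE-2019-5736 fix in 1.0.0-rc6 (from the runC advisory, not this article).
FIXED_RUNC = "1.0.0-rc6"
# Microsoft's guidance quoted in the article: revoke credentials deployed before this date.
REVOKE_CUTOFF = date(2021, 8, 31)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?")


def parse_runc_version(text):
    """Turn `runc --version` output (or a bare version) into a sortable tuple.
    A release candidate ranks below the final release of the same number,
    so 1.0.0-rc2 < 1.0.0-rc6 < 1.0.0-rc93 < 1.0.0 < 1.0.3."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no runc version found in {text!r}")
    major, minor, patch, rc = m.groups()
    rc_key = (0, int(rc)) if rc else (1, 0)  # (1, 0) = final release, above any rc
    return (int(major), int(minor), int(patch)) + rc_key


def runc_vulnerable(version_text):
    """True if the runtime predates the CVE-2019-5736 fix (as ACI's rc2 build did)."""
    return parse_runc_version(version_text) < parse_runc_version(FIXED_RUNC)


def credentials_to_revoke(creds):
    """creds: iterable of (name, 'YYYY-MM-DD' deployed-on) pairs.
    Returns the names deployed before the cutoff, i.e. those Microsoft says to rotate."""
    return [name for name, deployed in creds
            if date.fromisoformat(deployed) < REVOKE_CUTOFF]


if __name__ == "__main__":
    # Constructed sample inventory, not real customer data.
    hosts = {"node-a": "runc version 1.0.0-rc2", "node-b": "runc version 1.0.2"}
    for host, ver in hosts.items():
        print(host, "VULNERABLE" if runc_vulnerable(ver) else "ok", ver)
    creds = [("registry-pull", "2021-07-15"), ("kv-reader", "2021-09-02")]
    print("revoke:", credentials_to_revoke(creds))  # revoke: ['registry-pull']
```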
Microsoft said it notified select customers with containers running on the same Kubernetes cluster as that of the malicious container created by Palo Alto Networks to demonstrate the attack. The cluster is said to have hosted 100 customer pods and about 120 nodes, with the company stating it had no evidence bad actors had abused the flaw to carry out real-world intrusions, adding that its investigation "surfaced no unauthorized access to customer data."
The disclosure is the second Azure-related flaw to come to light in a span of two weeks, the first one being a critical Cosmos database flaw that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization.
"This discovery highlights the need for cloud users to take a 'defense-in-depth' approach to securing their cloud infrastructure that includes continuous monitoring for threats — inside and outside the cloud platform," Unit 42 researchers Ariel Zelivansky and Yuval Avrahami said. "Discovery of Azurescape also underscores the need for cloud service providers to provide adequate access for outside researchers to study their environments, looking for unknown threats."