Microsoft Azure Vulnerability Let Attackers Bypass Firewall Rules

Tenable Research has uncovered a significant vulnerability in Microsoft Azure that allows malicious attackers to bypass firewall rules by forging requests from trusted services.

This vulnerability affects several Azure services, including:

  • Azure Application Insights
  • Azure DevOps
  • Azure Machine Learning
  • Azure Logic Apps
  • Azure Container Registry
  • Azure Load Testing
  • Azure API Management
  • Azure Data Factory
  • Azure Action Group
  • Azure AI Video Indexer
  • Azure Chaos Studio

Severity and Impact

Tenable Research has classified this vulnerability as a Security Feature Bypass issue.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs:Try Free Demo 

While the Common Vulnerability Scoring System (CVSS) is typically used to measure the severity of vulnerabilities, Tenable suggests a severity rating of High for this issue due to its impact on data integrity and confidentiality.

Microsoft Security Response Center (MSRC) has acknowledged the issue as an Elevation of Privilege with a severity rating of Important and has awarded a bounty for its discovery.

Solution and Recommendations

Microsoft has opted to address the issue by creating centralized documentation to inform customers about usage patterns for service tags. However, the vulnerable behavior still exists in customer environments.

Users are advised to add authentication and authorization layers to defend their assets on top of the network controls administered using service tags.

The timeline of the disclosure process is as follows:

  • January 24, 2024: Tenable discloses the vulnerability to Microsoft. Automated acknowledgment received.
  • January 31, 2024: MSRC confirms the reported behavior and awards a bounty.
  • February 2, 2024: MSRC devises a comprehensive fix plan and an implementation timeline.
  • February 26, 2024: MSRC decided to address the issue via a comprehensive documentation update and addressed more vulnerability variants.
  • March 6, 2024: Coordinated disclosure in May is agreed upon.
  • April 30, 2024: Tenable provides a blog draft to MSRC.
  • April 30 – May 10, 2024: Tenable coordinates with MSRC to incorporate technical comments.
  • June 3, 2024: Coordinated disclosure.

This vulnerability highlights the importance of robust security measures and the need for continuous monitoring and updating of security protocols.

Users of the affected Azure services should take immediate action to implement additional authentication and authorization layers to protect their assets.

Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Sign up for free


Share This Article
Leave a comment