Microsoft informs users about security bug in Azure Cloud


By MYBRANDBOOK


Microsoft informs users about security bug in Azure Cloud

Microsoft has informed users about a 'NotLegit' bug in Azure Cloud that may have put some customers' data at hacking risk. The Microsoft's Security Response Centre (MSRC) was informed by cloud security vendor Wiz.io, of an issue where customers can unintentionally configure the '.git folder' to be created in the content root, which would put them at risk for information disclosure.

 

The company said, "When combined with an application configured to serve static content, this bug makes it possible for others to download files not intended to be public."

 

The company further said that this happens because the system attempts to preserve the currently deployed files as part of repository contents, and activates what is referred to as in-place deployments by deployment engine Kudu.

 

Microsoft has notified customers who were impacted due to the activation of in-place deployment with specific guidance on how to mitigate the issue. Microsoft updated all PHP images to disallow serving the .git folder as static content as a defence in depth measure.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org