Microsoft fixes ‘AutoWarp’ Azure bug that exposed customer data


By MYBRANDBOOK


Microsoft fixes ‘AutoWarp’ Azure bug that exposed customer data

Microsoft has addressed a vulnerability in the Azure Automation service, dubbed as ‘AutoWarp’, that could have allowed attackers to take complete control over other Azure customers' data. The vulnerability allows an attacker to steal other Azure customers' Managed Identities authentication tokens from an internal server that manages the sandboxes of other users.

 

Microsoft fixed the security flaw by blocking access to auth tokens to all sandboxes except the one that had legitimate access. The company notified all affected Azure Automation service customers and recommended following the security best practices.

 

Azure Automation accounts impacted by this vulnerability include those with the Managed Identity feature enabled. The company publicly disclosed the vulnerability, saying that it found no evidence that Managed Identities tokens were misused, or AutoWarp exploited in attacks.

 

Orca Security's Cloud Security Researcher, who discovered the bug, said, “Someone with malicious intentions could've continuously grabbed tokens, and with each token, widen the attack to more Azure customers. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer. We discovered large companies at risk (including a global telecommunications company, two car manufacturers, a banking conglomerate, big four accounting firms, and more).

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org