Microsoft has issued a warning to some of its Azure Cloud customers that a flaw discovered by a security research team could have allowed threat actors to access their data.
According to Reuters, the tech mega-conglomerate said in a blog post, written by its security response team, that the flaw reported by researchers from Palo Alto Networks has been fixed, and that there had been no evidence that cybercriminals were able to access any Azure cloud data.
The blog post goes on to say that Microsoft has notified some of its customers to change their login credentials as a precaution.
Researchers from the Palo Alto team discovered an exploit involving a widely used Azure system called ‘containers’, which stores programs for users. According to Palo Alto researcher Ariel Zelivansky, Azure’s containers used code that had not been updated to patch a known vulnerability.
As a result of the unpatched flaw, Zelivansky and his team were able to eventually gain full control of a cluster that included containers from other users. The effort had taken the team several months.
Luckily for Microsoft, it was security researchers who discovered the flaw and not threat actors. Zelivansky even agreed that the method had probably not already been discovered by malicious hackers.
If exploited by a group of cybercriminals with enough skill, or by well-funded entities like national governments, Microsoft would have had a catastrophic data breach on its hands. Microsoft Azure is used by a vast number of enterprises, including huge international corporations like eBay, BMW, Samsung, and Boeing.
This security flaw is but the second major flaw revealed in Microsoft’s core Azure system in as many weeks. Last month, security experts at Wiz described a database flaw that also would have allowed one Azure Cloud customer to alter the data of another customer.
In both cases, Microsoft cautioned its customers that they may have somehow been affected by the security researchers' discovery of the flaw, instead of acknowledging the holes in its code.
“Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities,” Microsoft wrote on Wednesday.
According to container security expert Ian Coldwater, who spoke with Reuters, the problem reflected a failure on Microsoft’s part to apply continual patches in a timely fashion.
“Keeping code updated is really important,” Coldwater said. “A lot of the things that made this attack possible would no longer be possible with modern software.”
Coldwater added that some security software used by cloud customers would have been able to detect whether malicious hackers had exploited the flaw discovered by the Palo Alto team, and that logs would also have shown signs of any such activity.