A critical vulnerability in Microsoft's Azure Automation service could have permitted unauthorized access to other Azure customer accounts.
By exploiting the bug, an attacker could gain full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer.
Several companies, including a telecommunications company, two car manufacturers, a banking conglomerate, big four accounting firms, and the Israeli cloud infrastructure security company, among others, were targeted by exploiting this vulnerability.
However, the issue was identified and remediated in a patch pushed in December 2021.
Source: https://thehackernews.com/2022/03/microsoft-azure-autowarp-bug-could-have.html
TPRM report: https://scoringcyber.rankiteo.com/company/microsoft-cloud-platform
"id": "mic134612522",
"linkid": "microsoft-cloud-platform",
"type": "Vulnerability",
"date": "12/2021",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Telecommunications',
'type': 'Telecommunications Company'},
{'industry': 'Automotive', 'type': 'Car Manufacturer'},
{'industry': 'Automotive', 'type': 'Car Manufacturer'},
{'industry': 'Finance', 'type': 'Banking Conglomerate'},
{'industry': 'Accounting',
'type': 'Big Four Accounting Firm'},
{'industry': 'Cloud Security',
'location': 'Israel',
'type': 'Israeli Cloud Infrastructure Security '
'Company'}],
'attack_vector': 'Unauthorized Access',
'date_resolved': 'December 2021',
'description': "A critical vulnerability in Microsoft's Azure Automation "
'service could have permitted unauthorized access to other '
'Azure customer accounts. By exploiting the bug, the attacker '
'could get full control over resources and data belonging to '
'the targeted account, depending on the permissions assigned '
'by the customer. Several companies including a '
'telecommunications company, two car manufacturers, a banking '
'conglomerate, and big four accounting firms, among others, '
'the Israeli cloud infrastructure security company were '
'targeted by exploiting this vulnerability. However, the issue '
'was identified and was remediated in a patch pushed in '
'December 2021.',
'impact': {'data_compromised': 'Full control over resources and data',
'systems_affected': 'Azure Automation Service'},
'motivation': 'Unauthorized Access to Resources and Data',
'response': {'remediation_measures': 'Patch released in December 2021'},
'title': "Critical Vulnerability in Microsoft's Azure Automation Service",
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'Azure Automation Service Vulnerability'}