Azure Service Tags might be dangerous, claims Tenable, a cybersecurity company

However, Microsoft disagrees.

News

Reading time icon 2 min. read

Calendar icon Published on

by Flavius Floare 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Azure Service Tags

Tenable has made an unsettling finding just days after Microsoft announced the deprecation of the Azure Update Delivery service tag. They have uncovered a weakness in Microsoft Azure’s Service Tags.

The tags are supposed to help those who use Azure manage network traffic and make their lives easier overall, and the flaw could let hackers access private information by pretending to be trustworthy Azure services.

Tenable Research has discovered a vulnerability in Azure that allows an attacker to bypass firewall rules based on Azure Service Tags by forging requests from trusted services. Customers who rely on these firewall rules for security are at risk from this vulnerability. They should take immediate action to mitigate the issue and ensure they are protected by robust layers of authentication and authorization.

Tenable

Although the problem is serious, Microsoft maintains that Service Tags were never intended to serve as a security boundary. This viewpoint has initiated a discussion about the real safety of Azure services and what actions customers need to take to safeguard their data.

Service tags are not to be treated as a security boundary and should only be used as a routing mechanism in conjunction with validation controls. No exploitation or abuse of service tags has been reported by a third-party or seen in the wild per our own investigation.

Microsoft

Tenable, who deals with cybersecurity, has sounded the alarm about this problem, stating that attackers could circumvent firewall rules by utilizing these Service Tags. This kind of vulnerability isn’t limited to one or two services; it impacts at least ten different Azure services, such as Azure DevOps and Azure Machine Learning.

The message from Tenable for people who use Azure is simple: add more authentication and authorization steps. This shows that just having Service Tags is not enough; there must also be other protections to guard your assets. Tenable suggests that those using Azure check their security arrangements and make changes if needed.

In other news, Forrester Wave just named Microsoft a top leader in cybersecurity. The Redmond-based tech giant had the highest scores in the strategy, current offering, and market presence categories.

More about the topics: Azure, Microsoft Azure

Flavius Floare

Flavius Floare Shield

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling. He's always curious and ready to take on everything new in the tech world, covering Microsoft's products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that's always ready to bring you the bleeding edge!