Azure Service Tags might be dangerous, claims Tenable, a cybersecurity company
However, Microsoft disagrees.
2 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Tenable has made an unsettling finding just days after Microsoft announced the deprecation of the Azure Update Delivery service tag. They have uncovered a weakness in Microsoft Azure’s Service Tags.
The tags are supposed to help those who use Azure manage network traffic and make their lives easier overall, and the flaw could let hackers access private information by pretending to be trustworthy Azure services.
Tenable Research has discovered a vulnerability in Azure that allows an attacker to bypass firewall rules based on Azure Service Tags by forging requests from trusted services. Customers who rely on these firewall rules for security are at risk from this vulnerability. They should take immediate action to mitigate the issue and ensure they are protected by robust layers of authentication and authorization.
Tenable
Although the problem is serious, Microsoft maintains that Service Tags were never intended to serve as a security boundary. This viewpoint has initiated a discussion about the real safety of Azure services and what actions customers need to take to safeguard their data.
Service tags are not to be treated as a security boundary and should only be used as a routing mechanism in conjunction with validation controls. No exploitation or abuse of service tags has been reported by a third-party or seen in the wild per our own investigation.
Microsoft
Tenable, who deals with cybersecurity, has sounded the alarm about this problem, stating that attackers could circumvent firewall rules by utilizing these Service Tags. This kind of vulnerability isn’t limited to one or two services; it impacts at least ten different Azure services, such as Azure DevOps and Azure Machine Learning.
The message from Tenable for people who use Azure is simple: add more authentication and authorization steps. This shows that just having Service Tags is not enough; there must also be other protections to guard your assets. Tenable suggests that those using Azure check their security arrangements and make changes if needed.
In other news, Forrester Wave just named Microsoft a top leader in cybersecurity. The Redmond-based tech giant had the highest scores in the strategy, current offering, and market presence categories.
User forum
0 messages