cxo voice
  • Home
  • News
  • Expert Opinion
  • Leaders Talk
  • Cyber Security
No Result
View All Result
  • Home
  • News
  • Expert Opinion
  • Leaders Talk
  • Cyber Security
No Result
View All Result
Interviews, IT and Technology News India | CXO VOICE
No Result
View All Result
Home News Cyber Security

Two Security Flaws found in Microsoft Azure, Now Fixed: Check Point

Ranjeet Roy by Ranjeet Roy
January 31, 2020
Reading Time: 4 mins read
Microsoft Azure security Flaws by Check Point
Share on FacebookShare on TwitterShare on LinkedinShare via E-Mail

Microsoft Azure, the foremost leader in the cloud computing service provider, has been affected by significant security flaws. Check Point researcher identifies two major security flaws on January 30, 2020. Researchers team recognizes that a Microsft Azure network user could have possibly taken control of the complete server, and unlocking a path to business code theft and manipulation.

Nothing to worry, Check Point and Microsoft teams worked together and fixed both the security flaws.

The first security flaw was discovered in Azure Stack; this would have enabled a cybercriminal to capture screenshots and can steal relevant confidential data from the device operating Microsoft Azure.

The second security flaw was found in the Microsoft Azure App service, this flaw would have enabled a cybercriminal to take control of the whole Azure server and consequently gain access over the enterprises’ business code.

How Check Point Identifies Microsoft Azure security flaws 

First, Check Point researchers install Microsoft Azure Stack Development Kit (ASDK) on their server, then they mapped the places they thought they might find vulnerabilities around. Since Azure Stack has similar features to Microsoft Azure’s public cloud, researchers focused on those vectors. 

Disclosure

After the identification process, researchers shared its finding with the Microsoft team. Check Point team disclosed the first security flaw on January 19, 2019, in which Microsoft created CVE-2019-1234. The second security flaw was uncovered by Check Point on June 27, 2019, in which Microsoft created CVE-2019-1372. They bothe, Check Point, and Microsoft worked hard to fix these flaws. Full patches for both security flaws in Azure were issued to the public by the end of 2019.


  • Also Read: Enterprise Cybersecurity Threats in 2020

Microsoft Azure Security Flaws

1. Azure Stack security Flaw

Azure Stack, a cloud computing software solution built by Microsoft to empower enterprises to deliver Azure services from their personal owned data center. Microsoft created the Azure Stack as a way to encourage businesses to adopt hybrid cloud computing by providing the power of the cloud while still being able to discuss business and technical effects like regulations, data sovereignty, customization, and latency.

Microsoft Azure security Flaws by Check Point
Azure Stack Overview

Check Point teams got passage to take screenshots and disclose relevant information of Azure tenants and infrastructure devices. This security flaw would allow cybercriminals to get information on any business that has its device running on Azure software. To perform the exploitation, a hacker would first obtain entrance to the Azure Stack Portal, enabling that person to send unauthenticated HTTP requests that provide screenshots and data about tenants and infrastructure devices.

Screenshot capturing and information disclosure

Microsoft Azure security Flaws by Check Point
Screenshot grabbing and information

2. Microsoft Azure App Flaw where Attacker Gets Control of entire Server

Microsoft Azure App Service is a wholly managed “Platform as a Service” (PaaS) that combines Microsoft Azure Websites, Mobile Services, and other services into a single service, adding new capacities that enable integration with on-premises or cloud systems. Microsoft Azure provides users capabilities like as provisioning and deploying web and mobile apps, build engaging iOS, Android, and Windows apps, automating business processes with visual design experience, and integrating with “Software as a Service” (SaaS) applications like Salesforce, Marketo and DropBox.

App
App Service configuration

Azure App users might be aware they can explore home directory by command D:\home, have you tried how it works?, how all tenant app approach own home directory by locating this path? The answer lies in the PreFilterOnCreateCallback function. We discussed before on the SandboxSettings structure, one of its properties is called sandboxRemotePath which contains a UNC file share path to the storage location of the app. DWASSVC sets this path at the start of the IIS worker process by interacting with the driver using the disclosed filter port (FltPort). So when the app tries to access D:\home or other special paths, the filter driver matches and replaces them with the exact ones on the fly. 

Microsoft Azure security Flaws by Check Point

Check Point researchers were able to determine that a cybercriminal could settle tenant applications, data, and accounts by creating a free user in Azure Cloud and running malicious Azure functions. The end result would be that a hacker could potentially take control of the whole Azure server, and consequently take control over all your business code.

  • Also Read: Cost of Data Breach at the End of 2019
Tags: Check PointCheck Point ResearchcybersecurityMicrosoft AzureMicrosoft Azure Security FlawsSecurity Flaws
Ranjeet Roy

Ranjeet Roy

Professor, Writer, Business Consultant. Ranjeet will love to answer your queries at "santosh@cxovoice.com"

Related Posts

security
Cyber Security

DigitalOcean says some customer’s email addresses were exposed in a recent Mailchimp security breach

August 19, 2022
Malware and ransomware
Cyber Security

Ways To Mitigate Malware And Ransomware Attacks

August 19, 2022
CyberPeace
Cyber Security

Governor of Jharkhand Launches Ranchi University-IETE-CyberPeace – Center of Excellence (CoE)

August 19, 2022
Security flaws Xiaomi
Cyber Security

Xiaomi Fixes the Security Flaws In Its Mobile Payment Mechanism

August 19, 2022
Remote Work Requires a Redesigned Enterprise Network To Improved Security
Cyber Security

Remote Work Needs a Redesigned Enterprise Network to Strengthen Cybersecurity

August 19, 2022
Sundar Balasubramanian, The Dawn of a New (Ransomware) Age
Cyber Security

The Dawn of a New (Ransomware) Age

August 19, 2022
Cyber Security

Wranga and Disney Star India Partner to Conduct ‘Responsible Digital Citizenship and Online Safety’ Study

August 19, 2022
Cyber Security

CyberPeace Foundation and TASK, Government of Telangana Signs MoU to Collaborate for CyberSecurity Research and Skilling Initiatives

August 19, 2022
Load More
Next Post
Abidali Z Neemuchwala Wipro

Abidali Z Neemuchwala CEO and MD of Wipro Steps Down

Discussion about this post

ADVERTISEMENT

Expert Views

Sundar Balasubramanian, The Dawn of a New (Ransomware) Age
Cyber Security

The Dawn of a New (Ransomware) Age

August 19, 2022
AI Cloud Enterprises
AI

What can AI Cloud do for Enterprises?

March 9, 2022
Data Modernisation
Technology

4 Key Trends Driving Data Modernization Across The Enterprises

January 28, 2022
IT Service Management (ITSM)
Enterprise

The need of ITSM to start a digital transformation journey and ensure high ROI

January 17, 2022
Cloud Adoption
Cloud

Cloud Adoption Needs to Be Accelerated

January 12, 2022

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Inerviews

Enterprises, and MSMEs IoT
Leaders Talk

IoT is now seen as an essential enabler for the enterprises to be future ready : Joyjeet Bose

-
Security While Working Remotely interview with Filip Coftas
Cyber Security

Security While Working Remotely [Interview]

-
Akita Security Device Help you Protect your Security During COVID-19 [Interview with Zakir Hussain]
COVID-19

Can Akita Security Device Help you Protect your Security During COVID-19 [Interview]

-
digital transformation and customer experience Newgen software
Interview

Digital Transformation Journey helps Newgen Software Improve Customer Experience [Interview]

-

Entrepreneur

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

Significance Of Ethical Entrepreneurship In The Post COVID-19 Economy

CXO VOICE is a premier resource for the enterprises, SMBs and Startups CXOs and business leaders, It enables CXOs and business executives gain access key insights, experts views, analysis, business strategy, and leaders interviews on what’s happening in the market and its impact.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

contact@cxovoice.com

Newsletter

Subscribe to our mailing list to receives newsletter direct to your inbox!

  • Home
  • About
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

© 2021 CXO VOICE

No Result
View All Result
  • Home
  • News
  • Expert Opinion
  • Leaders Talk
  • Cyber Security

© 2021 CXO VOICE

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/