cxo voice
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release
No Result
View All Result
Leaders Talk and Latest Tech News | CXO VOICE
No Result
View All Result
Home News Cyber Security

Two Security Flaws found in Microsoft Azure, Now Fixed: Check Point

Ranjeet Roy by Ranjeet Roy
January 31, 2020
Microsoft Azure security Flaws by Check Point

Microsoft Azure, the foremost leader in the cloud computing service provider, has been affected by significant security flaws. Check Point researcher identifies two major security flaws on January 30, 2020. Researchers team recognizes that a Microsft Azure network user could have possibly taken control of the complete server, and unlocking a path to business code theft and manipulation.

Nothing to worry, Check Point and Microsoft teams worked together and fixed both the security flaws.

The first security flaw was discovered in Azure Stack; this would have enabled a cybercriminal to capture screenshots and can steal relevant confidential data from the device operating Microsoft Azure.

The second security flaw was found in the Microsoft Azure App service, this flaw would have enabled a cybercriminal to take control of the whole Azure server and consequently gain access over the enterprises’ business code.

How Check Point Identifies Microsoft Azure security flaws 

First, Check Point researchers install Microsoft Azure Stack Development Kit (ASDK) on their server, then they mapped the places they thought they might find vulnerabilities around. Since Azure Stack has similar features to Microsoft Azure’s public cloud, researchers focused on those vectors. 

ADVERTISEMENT

Disclosure

After the identification process, researchers shared its finding with the Microsoft team. Check Point team disclosed the first security flaw on January 19, 2019, in which Microsoft created CVE-2019-1234. The second security flaw was uncovered by Check Point on June 27, 2019, in which Microsoft created CVE-2019-1372. They bothe, Check Point, and Microsoft worked hard to fix these flaws. Full patches for both security flaws in Azure were issued to the public by the end of 2019.


  • Also Read: Enterprise Cybersecurity Threats in 2020

Microsoft Azure Security Flaws

1. Azure Stack security Flaw

Azure Stack, a cloud computing software solution built by Microsoft to empower enterprises to deliver Azure services from their personal owned data center. Microsoft created the Azure Stack as a way to encourage businesses to adopt hybrid cloud computing by providing the power of the cloud while still being able to discuss business and technical effects like regulations, data sovereignty, customization, and latency.

Microsoft Azure security Flaws by Check Point
Azure Stack Overview

Check Point teams got passage to take screenshots and disclose relevant information of Azure tenants and infrastructure devices. This security flaw would allow cybercriminals to get information on any business that has its device running on Azure software. To perform the exploitation, a hacker would first obtain entrance to the Azure Stack Portal, enabling that person to send unauthenticated HTTP requests that provide screenshots and data about tenants and infrastructure devices.

Screenshot capturing and information disclosure

Microsoft Azure security Flaws by Check Point
Screenshot grabbing and information

2. Microsoft Azure App Flaw where Attacker Gets Control of entire Server

Microsoft Azure App Service is a wholly managed “Platform as a Service” (PaaS) that combines Microsoft Azure Websites, Mobile Services, and other services into a single service, adding new capacities that enable integration with on-premises or cloud systems. Microsoft Azure provides users capabilities like as provisioning and deploying web and mobile apps, build engaging iOS, Android, and Windows apps, automating business processes with visual design experience, and integrating with “Software as a Service” (SaaS) applications like Salesforce, Marketo and DropBox.

App
App Service configuration

Azure App users might be aware they can explore home directory by command D:\home, have you tried how it works?, how all tenant app approach own home directory by locating this path? The answer lies in the PreFilterOnCreateCallback function. We discussed before on the SandboxSettings structure, one of its properties is called sandboxRemotePath which contains a UNC file share path to the storage location of the app. DWASSVC sets this path at the start of the IIS worker process by interacting with the driver using the disclosed filter port (FltPort). So when the app tries to access D:\home or other special paths, the filter driver matches and replaces them with the exact ones on the fly. 

Microsoft Azure security Flaws by Check Point

Check Point researchers were able to determine that a cybercriminal could settle tenant applications, data, and accounts by creating a free user in Azure Cloud and running malicious Azure functions. The end result would be that a hacker could potentially take control of the whole Azure server, and consequently take control over all your business code.

  • Also Read: Cost of Data Breach at the End of 2019
Ranjeet Roy

Ranjeet Roy

Professor, Writer, Business Consultant. Ranjeet will love to answer your queries at "[email protected]"

Related Posts

LTIMindtree
Business

LTIMindtree Secures $450 Million Multi-Year Deal with Global Agribusiness Leader

May 12, 2025
Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile
Press Release

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

May 9, 2025
Johnson & Johnson Medtech
Press Release

Johnson & Johnson Medtech Partners with Qure.ai to Boost Early Detection of Lung Cancer

May 9, 2025
Ant International and Barclays
Finance

Ant International and Barclays Partner to Revolutionize Global Treasury Management with Advanced AI Technology

May 7, 2025
Microsoft Farmbeats
Technology

Microsoft and National FFA Expand FarmBeats for Students Program to Enhance Agricultural Education Across the U.S.

May 7, 2025
CEOs on AI
AI

CEOs Bet Big on AI: Navigating the Hurdles to Unlock Its Power

May 7, 2025
Asus TUF 500
Technology

Unleash Your Gaming Potential with the ASUS TUF Gaming Compact Desktop

May 6, 2025
IBM Lumen
Business

Revolutionizing AI: Lumen Technologies and IBM Partner to Unlock Scalable AI for Businesses

May 6, 2025
Load More
Please login to join discussion
ADVERTISEMENT

Latest Updates

LTIMindtree

LTIMindtree Secures $450 Million Multi-Year Deal with Global Agribusiness Leader

by News Desk
24 hours ago

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

Amazon to Invest Over $4 Billion to Launch Infrastructure Region in Chile

by News Desk
4 days ago

Johnson & Johnson Medtech

Johnson & Johnson Medtech Partners with Qure.ai to Boost Early Detection of Lung Cancer

by Businesswire Desk
4 days ago

Ant International and Barclays

Ant International and Barclays Partner to Revolutionize Global Treasury Management with Advanced AI Technology

by News Desk
6 days ago

Microsoft Farmbeats

Microsoft and National FFA Expand FarmBeats for Students Program to Enhance Agricultural Education Across the U.S.

by News Desk
6 days ago

CEOs on AI

CEOs Bet Big on AI: Navigating the Hurdles to Unlock Its Power

by Deepa Sharma
6 days ago

Expert Views

Molly Sands AI
AI

AI RIP: 5 Things Knowledge Workers Will Say ‘Sayonara’ to in the Next Decade

March 8, 2025
multi cloud
Cloud

Multi-Cloud Made Simple: Strategies for Smart Business Management

March 5, 2025
Soft Skills
Opinion

Soft Skills and Technical Know-How: A Winning Combination in the Tech Industry

March 4, 2025
Digital Freedom
Cyber Security

Your Data, Their Gold: The Silent Battle for Digital Freedom

February 25, 2025
LLM in India
AI

Why A Homegrown LLM Is the Next Big Leap for India

February 22, 2025

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Interviews

Steve Wilson, GenAI Cybersecurity LLMs
Cyber Security

How effective is GenAI in cybersecurity? The role of LLMs and AI in security solutions. [Interview with Steve Wilson]

-
Interview on Counterfeit products with Nikhil Narayan
Leaders Talk

Advancements in ML & AI made it possible to detect counterfeit products in real-time, says Nikhil Narayan

-
Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami
Leaders Talk

Newgenone bridges the gap between business users and IT teams with its low code capability: Varun Goswami

-
AI chatbots, Prasanna-Kumar
Leaders Talk

Can AI chatbots enhance customer experience and reduce the cost of serving customers?

-

Entrepreneur

Samsung Electronics appoints its first female president

Inspiring Women Entrepreneurs in India (2022)

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

CXOVoice.com is a leading online publication for CXOs, entrepreneurs, senior leaders, developers, and industry professionals. Our coverage spans key sectors, including IT, technology, banking, finance, cybersecurity, engineering, and automobiles.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

[email protected]
  • Home
  • About Us
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

Copyright © 2025 CXOVoice - All Right Reserved

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Our Spring Sale Has Started

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/

No Result
View All Result
  • Home
  • Technology
    • AI
    • Cloud
    • Telecom
    • Data Center
    • BPM
    • Blockchain
  • Finance
    • Banking
  • Cyber Security
  • View Points
  • Leaders Talk
  • News
  • Press Release
    • Submit Press Release

Copyright © 2025 CXOVoice - All Right Reserved