cxo voice
  • Home
  • News
  • View Points
  • Leaders Talk
  • Cyber Security
  • AI
  • Blockchain
No Result
View All Result
  • Home
  • News
  • View Points
  • Leaders Talk
  • Cyber Security
  • AI
  • Blockchain
No Result
View All Result
Leaders Interview, IT and Technology News India | CXO VOICE
No Result
View All Result

Home » Cyber Security » Two Security Flaws found in Microsoft Azure, Now Fixed: Check Point

Two Security Flaws found in Microsoft Azure, Now Fixed: Check Point

Ranjeet Roy by Ranjeet Roy
January 31, 2020
Reading Time: 4min read
Microsoft Azure security Flaws by Check Point
Share on FacebookShare on TwitterShare on LinkedinShare via E-Mail

Microsoft Azure, the foremost leader in the cloud computing service provider, has been affected by significant security flaws. Check Point researcher identifies two major security flaws on January 30, 2020. Researchers team recognizes that a Microsft Azure network user could have possibly taken control of the complete server, and unlocking a path to business code theft and manipulation.

Nothing to worry, Check Point and Microsoft teams worked together and fixed both the security flaws.

The first security flaw was discovered in Azure Stack; this would have enabled a cybercriminal to capture screenshots and can steal relevant confidential data from the device operating Microsoft Azure.

The second security flaw was found in the Microsoft Azure App service, this flaw would have enabled a cybercriminal to take control of the whole Azure server and consequently gain access over the enterprises’ business code.

How Check Point Identifies Microsoft Azure security flaws 

First, Check Point researchers install Microsoft Azure Stack Development Kit (ASDK) on their server, then they mapped the places they thought they might find vulnerabilities around. Since Azure Stack has similar features to Microsoft Azure’s public cloud, researchers focused on those vectors. 

Disclosure

After the identification process, researchers shared its finding with the Microsoft team. Check Point team disclosed the first security flaw on January 19, 2019, in which Microsoft created CVE-2019-1234. The second security flaw was uncovered by Check Point on June 27, 2019, in which Microsoft created CVE-2019-1372. They bothe, Check Point, and Microsoft worked hard to fix these flaws. Full patches for both security flaws in Azure were issued to the public by the end of 2019.


  • Also Read: Enterprise Cybersecurity Threats in 2020

Microsoft Azure Security Flaws

1. Azure Stack security Flaw

Azure Stack, a cloud computing software solution built by Microsoft to empower enterprises to deliver Azure services from their personal owned data center. Microsoft created the Azure Stack as a way to encourage businesses to adopt hybrid cloud computing by providing the power of the cloud while still being able to discuss business and technical effects like regulations, data sovereignty, customization, and latency.

Microsoft Azure security Flaws by Check Point
Azure Stack Overview

Check Point teams got passage to take screenshots and disclose relevant information of Azure tenants and infrastructure devices. This security flaw would allow cybercriminals to get information on any business that has its device running on Azure software. To perform the exploitation, a hacker would first obtain entrance to the Azure Stack Portal, enabling that person to send unauthenticated HTTP requests that provide screenshots and data about tenants and infrastructure devices.

Screenshot capturing and information disclosure

Microsoft Azure security Flaws by Check Point
Screenshot grabbing and information

2. Microsoft Azure App Flaw where Attacker Gets Control of entire Server

Microsoft Azure App Service is a wholly managed “Platform as a Service” (PaaS) that combines Microsoft Azure Websites, Mobile Services, and other services into a single service, adding new capacities that enable integration with on-premises or cloud systems. Microsoft Azure provides users capabilities like as provisioning and deploying web and mobile apps, build engaging iOS, Android, and Windows apps, automating business processes with visual design experience, and integrating with “Software as a Service” (SaaS) applications like Salesforce, Marketo and DropBox.

App
App Service configuration

Azure App users might be aware they can explore home directory by command D:\home, have you tried how it works?, how all tenant app approach own home directory by locating this path? The answer lies in the PreFilterOnCreateCallback function. We discussed before on the SandboxSettings structure, one of its properties is called sandboxRemotePath which contains a UNC file share path to the storage location of the app. DWASSVC sets this path at the start of the IIS worker process by interacting with the driver using the disclosed filter port (FltPort). So when the app tries to access D:\home or other special paths, the filter driver matches and replaces them with the exact ones on the fly. 

Microsoft Azure security Flaws by Check Point

Check Point researchers were able to determine that a cybercriminal could settle tenant applications, data, and accounts by creating a free user in Azure Cloud and running malicious Azure functions. The end result would be that a hacker could potentially take control of the whole Azure server, and consequently take control over all your business code.

  • Also Read: Cost of Data Breach at the End of 2019
Tags: Check PointCheck Point ResearchcybersecurityMicrosoft AzureMicrosoft Azure Security FlawsSecurity Flaws
Ranjeet Roy

Ranjeet Roy

Professor, Writer, Business Consultant. Ranjeet will love to answer your queries at "[email protected]"

Related Posts

How AI helps fight off potential cyberattacks
Cyber Security

How AI helps fight off potential cyberattacks

March 2, 2021
Banking cybersecurity
Cyber Security

Why Banks and NBFCs must exercise extra cybersecurity measures during festival times?

December 11, 2020
Enterprises, and MSMEs IoT
Leaders Talk

IoT is now seen as an essential enabler for the enterprises to be future ready : Joyjeet Bose

November 30, 2020
Cyber Security Awareness
Cyber Security

Five Ways To Enhance Cyber Security Awareness

November 18, 2020
Cloud Security and Digital Transformation, the Top Priority for Enterprises as Pandemic Drags On
Cloud

Cloud Security and Digital Transformation, the Top Priority for Enterprises as Pandemic Drags On

November 17, 2020
Why digital India is vulnerable to new-age cyber attacks
Cyber Security

Why digital India is vulnerable to new-age cyber attacks

November 6, 2020
Endpoints security
Cyber Security

Endpoints, the New Data Security Frontier in the age of WFH

September 28, 2020
XDR to Transform Enterprise Threat Detection & Response
Cyber Security

XDR to Transform Enterprise Threat Detection & Response

September 3, 2020
Load More
Next Post
Abidali Z Neemuchwala Wipro

Abidali Z Neemuchwala CEO and MD of Wipro Steps Down

Discussion about this post

ADVERTISEMENT

Expert Views

Insurance Underwriting
Insurance

5 Ways New-age Technologies Can Transform Underwriting

February 5, 2021
Key Fintech Trends to look out for in 2021
Finance

Key Fintech Trends to look out for in 2021

January 8, 2021
Banking cybersecurity
Cyber Security

Why Banks and NBFCs must exercise extra cybersecurity measures during festival times?

December 11, 2020
impact of Covid-19 on retirement planning
Insurance

The impact of Covid-19 on retirement planning

December 1, 2020
Cyber Security Awareness
Cyber Security

Five Ways To Enhance Cyber Security Awareness

November 18, 2020

Get Latest Update

Subscribe to our mailing list to receives newsletter direct to your inbox!

ADVERTISEMENT

Leaders Inerviews

Enterprises, and MSMEs IoT
Leaders Talk

IoT is now seen as an essential enabler for the enterprises to be future ready : Joyjeet Bose

-
Security While Working Remotely interview with Filip Coftas
Cyber Security

Security While Working Remotely [Interview]

-
Akita Security Device Help you Protect your Security During COVID-19 [Interview with Zakir Hussain]
COVID-19

Can Akita Security Device Help you Protect your Security During COVID-19 [Interview]

-
digital transformation and customer experience Newgen software
Interview

Digital Transformation Journey helps Newgen Software Improve Customer Experience [Interview]

-

Entrepreneur

Technology Adoption For Entrepreneurs

Volunteering management is the need of the Hour

Significance Of Ethical Entrepreneurship In The Post COVID-19 Economy

Five tips for entrepreneurs to tide over the coronavirus crisis

CXO VOICE is a premier resource for the enterprises, SMBs and Startups CXOs and business leaders, It enables CXOs and business executives gain access key insights, experts views, analysis, business strategy, and leaders interviews on what’s happening in the market and its impact.

Connect with us

Easy Links

  • Cryptocurrency
  • Event
  • Blockchain
  • Press Release
  • Resources & Downloads

Write Us

[email protected]

Newsletter

Subscribe to our mailing list to receives newsletter direct to your inbox!

  • Home
  • About
  • Contact Us
  • Advertise
  • Privacy & Policy
  • Feedback

© 2018 CXO VOICE

No Result
View All Result
  • Home
  • News
  • View Points
  • Leaders Talk
  • Cyber Security
  • AI
  • Blockchain

© 2018 CXO VOICE