Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers (Jan 30, 2020)
Check Point researchers disclosed two vulnerabilities in Microsoft Azure Stack that could give a threat actor remote access to an organisation's Azure servers, including the ability to execute code remotely and manipulate the company's own code. The first, CVE-2019-1234, is a spoofing vulnerability that affects Azure Stack: because Azure Stack fails to validate certain requests, an attacker can send crafted requests to internal Azure Stack resources and retrieve sensitive data, such as screenshots of hosted machines. The second, CVE-2019-1372, is a remote code execution vulnerability caused by Azure Stack failing to check the length of a buffer before copying memory into it. A threat actor could use it to escalate privileges on the affected Azure server and take control of the customer's source code.
Recommendation: Microsoft has released security updates for both vulnerabilities. Because of their high criticality rating and the potential for an actor to take control of an affected system, the updates should be applied as soon as possible. Note that Azure Stack runs in the customer's own data centre, so the Azure Stack operator, not Microsoft, has to install the update. More generally, your company should have policies in place to review and apply security updates for all software in use, so that known vulnerabilities are closed before threat actors can exploit them.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.