Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      South Africa tables Starlink-friendly policy shift

      23 May 2025

      Computex 2025 – key takeaways from Asia’s biggest AI tech show

      23 May 2025

      Iqbal Survé’s Sekunjalo moves to delist controversial Ayo Technology

      23 May 2025

      US banks exploring launch of jointly developed stablecoin

      23 May 2025

      Apple smart glasses could be here next year

      23 May 2025
    • World

      iPhone designer Jony Ive to build AI devices with OpenAI

      22 May 2025

      First AI-generated drugs could go on sale by 2030

      22 May 2025

      Google, Volvo deepen partnership on car software

      21 May 2025

      Microsoft pushes for industry standards in AI agent collaboration

      19 May 2025

      Microsoft to lay off 3% of workforce in organisation-wide cuts

      14 May 2025
    • In-depth

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025

      Social media’s Big Tobacco moment is coming

      13 April 2025

      This is Europe’s shot to emerge from Silicon Valley’s shadow

      10 April 2025
    • TCS

      TCS | Reserve Bank fintech head Lyle Horsley on the G20 TechSprint

      22 May 2025

      TCS+ | Schneider Electric’s Clive Roberts on driving digitisation in the CPG sector

      22 May 2025

      TCS | Dalene Steyn on Capitec’s ambitious mobile gameplan

      21 May 2025

      Meet the CIO | Schalk Visser on Cell C’s big tech pivot

      13 May 2025

      TCS | Kiaan Pillay on fintech start-up Stitch and its R1-billion funding round

      7 May 2025
    • Opinion

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025

      ICT distributors must embrace innovation or risk irrelevance

      9 April 2025

      South Africa unprepared for deepfake chaos

      3 April 2025

      Google: South African media plan threatens investment

      3 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » Microsoft Azure cloud customers warned of new security flaw

    Microsoft Azure cloud customers warned of new security flaw

    By Agency Staff9 September 2021
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Microsoft has warned some of its Azure cloud computing customers that a flaw discovered by security researchers could have allowed hackers access to their data.

    In a blog post from its security response team, Microsoft said it had fixed the flaw reported by Palo Alto Networks and it had no evidence malicious hackers had abused the technique. It said it had notified some customers they should change their login credentials as a precaution.

    The blog post followed questions from Reuters about the technique described by Palo Alto. Microsoft did not answer any of the questions, including whether it was confident no data had been accessed.

    This is the first attack on a cloud provider to use container escape to control other accounts

    In an earlier interview, Palo Alto researcher Ariel Zelivansky said his team had been able to break out of Azure’s widely used system for so-called containers that store programs for users. The Azure containers used code that had not been updated to patch a known vulnerability, he said.

    As a result, the Palo Alto team was able eventually to get full control of a cluster that included containers from other users. “This is the first attack on a cloud provider to use container escape to control other accounts,” said longtime container security expert Ian Coldwater, who reviewed Palo Alto’s work at Reuters’ request.

    Second major flaw

    Palo Alto reported the issue to Microsoft in July. Zelivansky said the effort had taken his team several months and he agreed that malicious hackers probably had not used a similar method in real attacks.

    Still, the report is the second major flaw revealed in Microsoft’s core Azure system in as many weeks. In late August, security experts at Wiz described a database flaw that also would have allowed one customer to alter another’s data.

    In both cases, Microsoft’s acknowledgment focused on those customers who might have been somehow affected by the researchers themselves, rather than everyone put at risk by its own code.

    “Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities,” Microsoft wrote on Wednesday.

    Coldwater said the problem reflected a failure to apply patches in a timely fashion, something Microsoft has often blamed its customers for. “Keeping code updated is really important,” Coldwater said. “A lot of the things that made this attack possible would no longer be possible with modern software.”

    Coldwater said that some security software used by cloud customers would have detected malicious attacks like the one envisioned by the security company, and that logs would also show signs of any such activity.

    The research underscored the shared responsibility between cloud providers and customers for security

    The research underscored the shared responsibility between cloud providers and customers for security.

    Zelivansky said cloud architectures are generally safe, while Microsoft and other cloud providers can make fixes themselves, rather than rely on customers to apply updates.

    But he noted that cloud attacks by well-funded adversaries, including national governments, are “a valid concern”.  — Reported by Joseph Menn, (c) 2021 Reuters



    Ariel Zelivansky Ian Coldwater Microsoft Microsoft Azure Palo Alto Networks top
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleSouth Africa to ease lockdown rules – what to expect
    Next Article ‘Rules are for other people’: Amazon launches blistering attack on Elon Musk

    Related Posts

    Surface Copilot+ PCs for business: the future of work, powered by AI

    23 May 2025

    The end of Windows 10 support is nigh – what you need to know

    22 May 2025

    Microsoft embraces AI diversity

    20 May 2025
    Company News

    Kredete launches Africa’s first stablecoin-backed credit card

    23 May 2025

    Surface Copilot+ PCs for business: the future of work, powered by AI

    23 May 2025

    Turbocharge your business operations with a fibre internet line

    23 May 2025
    Opinion

    Solar panic? The truth about SSEG, fines and municipal rules

    14 April 2025

    Data protection must be crypto industry’s top priority

    9 April 2025

    ICT distributors must embrace innovation or risk irrelevance

    9 April 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.