Microsoft Fixes Flaw That Could Leak Data Between Users of Azure Container Services • The Register

Microsoft today revealed it fixed a vulnerability in its Azure Container Instances service that could have been exploited by a malicious user "to access other customers' data."

Azure Container Instances (ACI) is a serverless container environment. Microsoft says it offers the flexibility of containers and the security of VMs running atop a hypervisor.

No technical details of the flaw have been revealed, save that users should "revoke any privileged credentials that had been deployed to the platform before August 31, 2021," and that rotating privileged credentials would be "an efficient precautionary measure" – perhaps suggesting an authentication issue. Microsoft has also reminded users that credentials can be found in environment variables, secret volumes, and even in Azure file shares – so there may be a bit of tidying up to do.
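An inventory of the three places named above (environment variables, secret volumes, Azure file shares) can be built from container group definitions before rotating anything. The following is an added example, not code from Microsoft or The Register; it assumes the JSON shape that `az container list -o json` returns, the sample data is constructed, and the name-matching pattern is a hypothetical heuristic.

```python
import re

# Constructed sample, in the shape assumed for `az container list -o json`.
SAMPLE = [
    {"name": "billing-api",
     "containers": [{"name": "app", "environmentVariables": [
         {"name": "DB_PASSWORD", "value": "example-only", "secureValue": None},
         {"name": "LOG_LEVEL", "value": "info", "secureValue": None},
         {"name": "API_TOKEN", "value": None, "secureValue": None}]}],
     "volumes": [
         {"name": "certs", "secret": {"tls.key": None}, "azureFile": None},
         {"name": "data", "secret": None,
          "azureFile": {"shareName": "exports",
                        "storageAccountName": "examplestorage"}}]},
    {"name": "static-site",
     "containers": [{"name": "web", "environmentVariables": []}],
     "volumes": None},
]

# Hypothetical heuristic for variable names that usually hold credentials.
CRED_NAME = re.compile(r"pass(word)?|secret|token|key|credential|connstr", re.I)


def credential_locations(groups):
    """Return (group, location kind, detail) for each place to review."""
    findings = []
    for g in groups:
        gname = g.get("name", "?")
        for c in g.get("containers") or []:
            for ev in c.get("environmentVariables") or []:
                name = ev.get("name", "")
                # Assumption: secure variables are returned without a value,
                # so an entry whose value is null is treated as secure.
                secure = ev.get("value") is None
                if secure or CRED_NAME.search(name):
                    kind = "secure-env" if secure else "plain-env"
                    findings.append((gname, kind, f"{c.get('name')}:{name}"))
        for v in g.get("volumes") or []:
            if v.get("secret") is not None:
                findings.append((gname, "secret-volume", v.get("name")))
            share = v.get("azureFile")
            if share:
                detail = f"{share.get('storageAccountName')}/{share.get('shareName')}"
                findings.append((gname, "azure-file-share", detail))
    return findings


if __name__ == "__main__":
    for row in credential_locations(SAMPLE):
        print(*row, sep="\t")
```

A storage account key used to mount a file share is itself a credential to rotate, in addition to anything stored inside the share.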


We also know that only a subset of users were exposed to the flaw, because Microsoft says that if you did not see a Service Health Notification about the issue in the Azure Portal you have nothing to worry about.



Microsoft has stated that its investigation "surfaced no unauthorized access to customer data."

The issue is Microsoft's second Azure cross-user data leak SNAFU in the past fortnight: in late August the IT giant disclosed that a flaw in its Cosmos DB allowed unauthorised read/write access to other customers' databases.
