Microsoft fixes vulnerability in Azure Container Instances

Information security experts from Palo Alto Networks disclosed a new vulnerability named Azurescape. The problem affected Azure Container Instances (ACI), the cloud service that allows companies to deploy packaged applications (containers) in the cloud.

The issue allowed a malicious container to hijack other containers owned by platform users. In essence, an attacker exploiting Azurescape could execute commands in someone else’s containers and gain access to all data from other clients.

It is believed that hackers could use the bug to execute code in other users’ containers, steal confidential information, and deploy miners and other malware.

Microsoft has already sent out notifications to its customers warning them to change the privileged credentials for containers deployed on the platform before August 31, 2021.

The company stressed that this is only a precautionary measure, since so far no signs of attacks using Azurescape have been found.

“Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal. If you did not receive a notification, no action is required with respect to this vulnerability,” Microsoft reported.

Palo Alto Networks experts note that the vulnerability allowed attackers to compromise multi-user Kubernetes clusters hosting ACI.

The problem was easy to discover once it turned out that ACI was running code released almost five years ago that is vulnerable to container escape bugs.

“RunC v1.0.0-rc2 was released on October 1, 2016 and is vulnerable to at least two CVEs related to containers. Back in 2019, we studied one of these vulnerabilities, CVE-2019-5736,” the experts say.

Experts also note that exploiting CVE-2019-5736 was enough to escape from the container and execute code with elevated privileges on the underlying host.

Palo Alto Networks has attached a video to its report that demonstrates how an attacker can escape from his container and gain administrator rights for the entire cluster.

Let me remind you that we also reported that researchers discovered 34 million vulnerabilities in Google Cloud, AWS, and Azure.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
