Skip to main content

Microsoft Azure security flaws uncovered

(Image credit: Image source: Shutterstock/faithie)

Microsoft has patched two major flaws in its Azure (opens in new tab) cloud offering that could have allowed criminals to take full control of servers and steal sensitive data.

The flaws were discovered by researchers at cybersecurity firm Check Point, who said that hackers could abuse Azure Stack to take screenshots of valuable information, such as banking or credit card information. It was also said they could abuse the Azure App Service to “take control” of entire servers.

Microsoft identified the flaws as CVE-2019-1372 and CVE-2019-1234 and worked in collaboration with Check Point on a fix.

“When operating in the cloud, enterprises often behave with the wild abandon as if their services are hosted in their basement behind the safety of their trusted gateway,” said Check Point, describing the problem.

“It’s easy to forget that while you might be sitting within your enterprise in the office, your device – using your corporate internet connection – is actually communicating with a service that is hosted outside of the organisation. The potential costs to businesses are dramatic – phishing schemes and data leaks have cost global brands both in dollar value and reputational value.”

The Azure (opens in new tab) App Service is a tool that allows developers to build both web and mobile apps for iOS, Android and Windows. Many SaaS applications are integrated within the offering, including Salesforce, Marketo and Dropbox.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.