Skip to main content
MSRC

Azure

Improved Guidance for Azure Network Service Tags

Monday, June 03, 2024

Summary Microsoft Security Response Center (MSRC) was notified in January 2024 by our industry partner, Tenable Inc., about the potential for cross-tenant access to web resources using the service tags feature. Microsoft acknowledged that Tenable provided a valuable contribution to the Azure community by highlighting that it can be easily misunderstood how to use service tags and their intended purpose.

Read More

Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI

Tuesday, November 14, 2023

Summary The Microsoft Security Response Center (MSRC) was made aware of a vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs. The researcher, from Palo Alto Networks Prisma Cloud, found that Azure CLI commands could be used to show sensitive data and output to Continuous Integration and Continuous Deployment (CI/CD) logs.

Read More

Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

Monday, September 18, 2023

Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.

Read More

Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access

Tuesday, April 11, 2023

Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and in provisioning Azure Role Based Access Control as customers are responsible for configuring and managing applications, identity, and data.

Read More

Azure Kubernetes Service (AKS) Threat Hunting

Wednesday, March 01, 2023

As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also extended to adversaries. As adversaries leverage Kubernetes to run their workloads, their understanding of how these platforms work and can be exploited increases.

Read More

New High Impact Scenarios and Awards for the Azure Bounty Program

Monday, October 18, 2021

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.

Read More