Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances

The Hacker News -

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor “to access other customers’ information” in what the researchers described as the “first cross-account container takeover in the public cloud.”

An attacker exploiting the weakness could execute malicious commands on other users’ containers, steal customer secrets and images deployed to the platform. The Windows maker did not share any additional specifics related to the flaw, save that affected customers “revoke any privileged credentials that were deployed to the platform before August 31, 2021.”

Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators.

Palo Alto Networks’ Unit 42 threat intelligence team dubbed the vulnerability “Azurescape,” referring to how an attacker can leverage the cross-tenant technique to

The post Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances first appeared on The Hacker News.

Read More.....