Microsoft has fixed an Azure Bug “Azurescape” That Allows Attackers to Take Control of Azure Container Instances

Microsoft announced that it had patched a vulnerability in its Azure Container Instances (ACI) services that a malicious actor could have exploited to access other customers’ information in the first cross-account container takeover in the public cloud. The vulnerability in ACI has been termed “Azurescape” by researchers at a cybersecurity firm, Palo Alto Networks because the attacks start with a container escape strategy.

Azure Container Instances (ACI) is a managed service that lets you run containers directly on the Microsoft Azure public cloud without the need for virtual machines (VMs), clusters, or orchestration. It does not require the provision or management of any underlying infrastructure by developers.

Microsoft claims the vulnerability has been addressed on its end, and the user does not need to take any action. There is no evidence that any Azure customer information was stolen as a result of this vulnerability. However, Microsoft urges users to remove any privileged credentials that were deployed to the platform before Aug. 31 as a preventative step.

According to Microsoft and Palo Alto Network researchers, the vulnerability affects the ACI service and could allow an attacker to access other Azure customers’ information stored in the ACI service.

Customer containers are hosted on multitenant clusters in ACI. Initially, there were Kubernetes clusters, but Microsoft has started hosting ACI on Service Fabric clusters in the last year. Azurescape only has an impact on ACI running on top of Kubernetes.

Further, Unit 42 researchers said that this is the second Azure-related vulnerability discovered in the last two weeks. The first one is the Cosmos Database Flaw. This revelation emphasizes cloud customers’ need to adopt a defense-in-depth approach to cloud security, which includes constant threat monitoring both inside and outside the cloud platform.