Cybersecurity researchers at Check Point today disclosed details of two recently patched, potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, might have allowed hackers to target many businesses that run their web and mobile apps on Azure.
Azure App Service is a fully managed integrated service that lets users build web and mobile apps for any platform or device, and easily integrate them with SaaS solutions and on-premises apps to automate business processes.
According to a report researchers shared with The Hacker News, the first security vulnerability (CVE-2019-1234) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft.
If exploited, the issue would have enabled a remote hacker to gain unauthorized access to screenshots and sensitive information of any virtual machine running on Azure infrastructure. It does not matter whether they are running on shared, dedicated or isolated virtual machines.
According to researchers, this flaw is exploitable through the Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack.
By leveraging an insecure API, researchers found a way to get the virtual machine name and ID, along with hardware information such as cores and total memory of targeted machines, and then used it with another unauthenticated HTTP request to grab screenshots.
The second issue (CVE-2019-1372) is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently take control over an enterprise's business code.
What’s more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal.
Check Point published a detailed technical post on the second flaw, but in brief, it resided in the way DWASSVC, a service responsible for managing and running tenants’ apps and IIS worker processes, which actually run the tenant application, communicate with each other for defined tasks.
Since Azure Stack failed to check the length of a buffer before copying memory to it, an attacker could have exploited the issue by sending a specially crafted message to the DWASSVC service, allowing them to execute malicious code on the server with the highest privilege, NT AUTHORITY\SYSTEM.
“So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),” the researchers said.
“This lets an attacker the possibility to enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.”
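The kind of length check whose absence is described above, as an added example that is not Check Point's or Microsoft's code: a handler for a length-prefixed message validates the sender-declared length before copying into a fixed buffer. The wire format, `SLOT_SIZE` and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 64 /* capacity of the service-side buffer (assumed) */

/* Hypothetical wire format: 4-byte little-endian payload length, then payload. */
enum msg_status { MSG_OK = 0, MSG_TRUNCATED = -1, MSG_TOO_LARGE = -2, MSG_BAD_ARG = -3 };

/* Validates the sender-declared length against both the bytes actually
 * received and the destination capacity before any copy takes place.
 * The unchecked form is the same memcpy with the two comparisons removed. */
int handle_message(const uint8_t *msg, size_t received,
                   uint8_t *slot, size_t slot_size, size_t *copied)
{
    if (!msg || !slot || !copied) return MSG_BAD_ARG;
    *copied = 0;
    if (received < 4) return MSG_TRUNCATED;          /* no room for the header */

    uint32_t declared = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
                        ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);

    /* Compare by subtraction so a huge declared value cannot wrap a sum. */
    if (declared > received - 4) return MSG_TRUNCATED; /* would over-read msg  */
    if (declared > slot_size)    return MSG_TOO_LARGE; /* would overflow slot  */

    memcpy(slot, msg + 4, declared);
    *copied = declared;
    return MSG_OK;
}

int main(void)
{
    uint8_t slot[SLOT_SIZE];
    size_t n;
    /* Constructed sample messages, not captured traffic. */
    uint8_t ok[] = {3, 0, 0, 0, 'a', 'b', 'c'};
    uint8_t oversized[4 + 100] = {100, 0, 0, 0};     /* declares 100 > SLOT_SIZE */
    uint8_t lying[] = {0xff, 0xff, 0xff, 0xff, 'x'}; /* declares more than sent  */

    printf("ok:        %d\n", handle_message(ok, sizeof ok, slot, sizeof slot, &n));
    printf("oversized: %d\n", handle_message(oversized, sizeof oversized, slot, sizeof slot, &n));
    printf("lying:     %d\n", handle_message(lying, sizeof lying, slot, sizeof slot, &n));
    return 0;
}
```
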
Check Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos.
After patching both issues late last year, the company awarded Shustin 40,000 USD under its Azure bug bounty program.