Two major flaws detected in Microsoft Azure Cloud by cybersecurity firm Check Point
As Microsoft CEO Satya Nadella emphasized on keeping Azure Cloud secure with integrated end-to-end
identity, security and compliance solutions, cybersecurity firm Check Point revealed that it identified two
major security flaws in Microsoft Azure last year which have now been fixed.
The researchers at Israel-based Check Point discovered that a user on the Azure network could have
potentially taken control over the entire server, opening a path to business code theft and manipulation.
The first security flaw was found in Azure Stack and the second security flaw was found in Azure App
"The Azure Stack Flaw would have enabled a hacker to gain screenshots and sensitive information of
machines running on Azure. The Azure App Flaw would have enabled a hacker to take control over the
entire Azure server, and consequently take control over an enterprises' business code," the firm said in a
statement. Check Point said it worked closely with Microsoft to solve these issues, making the cloud more
secure. The first security flaw was disclosed by Check Point on January 19 last year while the second
security flaw was disclosed on June 27. Full patches for both security flaws in Azure were issued to the
public by the end of 2019.
In the Azure Stack flaw, Check Point researchers were able to take screenshots and lift sensitive
information of Azure tenants and infrastructure machines. "This security flaw would enable a hacker to
get sensitive information of any business that has its machine running on Azure," the researchers said.In
the Azure App flaw, an attacker could take control over server and business code. Researchers at Check
Point were able to prove that a hacker could compromise tenant applications, data, and accounts by
creating a free user in Azure Cloud and running malicious Azure functions.
"The end result would be that a hacker could potentially take control over the entire Azure server, and
consequently take control over all your business code," the Check Point report said. The disclosure came
as Nadella, during an earnings call on Wednesday, said that now to security, cybercrime will cost
businesses, governments and individuals $1 trillion this year.
"We are the only company that offers integrated end-to-end identity, security and compliance solutions to
protect people and organizations, spanning identity management, devices, cloud apps, data and
infrastructure," Nadella emphasized. He said that Azure is the only Cloud that offers consistency across
operating models, development environments, and infrastructure stack, enabling customers to bring cloud
computing and intelligence to any connected or disconnected environment.
"Azure Stack Edge brings rapid Machine Learning inferencing closer to where data is generated and the
new ruggedized Azure Stack form factors provide cloud capabilities in even the harshest of conditions
like disaster response," he explained. "Our differentiated approach across the cloud and edge is winning
customers. The US Department of Defense chose Azure to support our men and women in uniform at
home, abroad, and at their tactical edge," Nadella asserted.
There will be 175 zettabytes of data by 2025, up from 40 zettabytes today. "Processing this data in real-
time will be an operational imperative for every organization. Azure Synapse is our limitless analytics
service. It brings together big data analytics and data warehousing with unmatched performance, scale
and security," the Microsoft CEO said.
*Edited from an IANS report