Azure Sentinel News

Microsoft Fixed an Azure Security Vulnerability before Researchers Could Report It

by Azure Sentinel News Editor
December 1, 2020
in Security Operations

A bug in the Microsoft Azure portal’s JavaScript parsing let security researchers steal the access tokens of an external organization. The tech giant managed to fix the issue before there were any public reports.

Microsoft beat security researchers to the punch on a dangerous Azure vulnerability. A CyberArk blog post titled ‘I Know What Azure Did Last Summer’ discloses a bug in the tech giant’s cloud platform that was exploitable for up to two weeks.

According to researcher Omer Tsarfati, the September issue lay in the way the Azure portal parsed JavaScript used in the portal’s Extension Manifest. An attacker with an HTTP server with the “urehubs” hostname and a signed root CA certificate could grab the access tokens of anyone who logged into the Azure portal.

The researchers were able to exploit this bug in the wild to grab an Azure token from an external organization. As a precaution, CyberArk then bought 72 urehub domains with various suffixes. Tsarfati says the bug could have led to complete takeovers of Azure environments.

“While there is a lot of honey in the Cloud Computing solutions, there is also a sting to be aware of.  Relying on “someone else’s computer” also means relying on someone else’s security measures.  We’ve seen a lot of attacks that have focused on cloud configuration weaknesses – and seeing and understanding these vulnerabilities helps us fortify our cloud environments,” he cautioned.  “But, what about the vulnerabilities we don’t know of? Are we ready for those?”

A Speedy Fix

Thankfully, Microsoft also took action. The organization says it managed to discover and fix the bug before the researchers could report it.

“This issue was identified internally and we deployed a fix to address it,” a spokesperson told ThreatPost.

Tsarfati tells a different story. According to ThreatPost, he wrote that Microsoft’s fix of the vulnerability, just a day after his firm created a working POC, was unintentional. The company added three lines of code, adding a URL to the JavaScript file’s HREF attribute, which mitigated the issue. This was all done server-side, so admins have no need to worry if they haven’t been attacked already. However, Tsarfati believes Microsoft’s indecision when it comes to URI schema could still come back to bite in the future.

“Regarding the URI formats in the ExtensionsManifest, I think that it might be worth sticking to one URI format, as not doing that could be a root cause for many other bugs that could pop up over time,” he said.
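
The recommendation to stick to one URI format can be enforced as a lint over a manifest before it is served. The following is an added example, not code from Microsoft, CyberArk or the original article; the manifest shape, field names and hostnames are constructed assumptions.

```javascript
// Added example: lint manifest-style URI entries for a single, strict format.
// The manifest shape, field names and hostnames are constructed for illustration.
const ALLOWED_HOSTS = new Set(["portal.example.net", "hubs.example.net"]);

// Classify the syntactic form of a URI string before any resolution happens.
function uriForm(value) {
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(value)) return "absolute";
  if (value.startsWith("//")) return "scheme-relative";
  if (value.startsWith("/")) return "path-absolute";
  return "bare"; // e.g. "hubs.example.net/x.js" resolves as a relative path, not a host
}

// Return a list of findings; an empty list means the manifest passes.
function lintManifest(manifest) {
  const findings = [];
  for (const ext of manifest.extensions) {
    const form = uriForm(ext.uri);
    if (form !== "absolute") {
      findings.push({ name: ext.name, issue: `non-absolute form: ${form}` });
      continue;
    }
    let url;
    try {
      url = new URL(ext.uri); // strict parse with no base URL, so nothing is guessed
    } catch {
      findings.push({ name: ext.name, issue: "unparseable URI" });
      continue;
    }
    if (url.protocol !== "https:") {
      findings.push({ name: ext.name, issue: `scheme ${url.protocol} not allowed` });
    } else if (!ALLOWED_HOSTS.has(url.hostname)) {
      findings.push({ name: ext.name, issue: `host ${url.hostname} not on allowlist` });
    }
  }
  return findings;
}

// Constructed sample manifest mixing several URI formats.
const SAMPLE_MANIFEST = {
  extensions: [
    { name: "Hubs", uri: "https://hubs.example.net/ext/hubs.js" },
    { name: "Billing", uri: "//portal.example.net/ext/billing.js" },
    { name: "Monitor", uri: "hubs.example.net/ext/monitor.js" },
    { name: "Legacy", uri: "http://portal.example.net/ext/legacy.js" },
    { name: "Stray", uri: "https://hubs.example.org/ext/stray.js" },
  ],
};
```

Rejecting every form except absolute `https://` on an allowlisted host means the client never has to decide how to complete a partial URI, which is where format-dependent parsing mistakes arise.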

Reference: https://winbuzzer.com/2020/03/20/microsoft-fixes-azure-security-vulnerability-before-researchers-can-report-it-xcxwbn/
