Orca Security announces newly discovered Microsoft Azure vulnerabilities
Orca Security, a cybersecurity research organization, announced that its researchers have uncovered new Azure security vulnerabilities. The vulnerabilities involved server-side request forgery (SSRF), and Orca promptly reported them to the Microsoft Security Response Center.
According to Orca, the vulnerabilities affected four services: API Management, Functions, Machine Learning, and Digital Twins. The researchers were able to exploit two vulnerabilities without authentication, sending requests in place of the server without an Azure account. Attackers could, in theory, scan local ports, files, and endpoints to plan a broader attack.
Microsoft implemented several SSRF countermeasures in 2020, including requirements to access an instance metadata service endpoint, as well as Identity Header for App Service and Functions.
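The following is an added example, not code from Orca or Microsoft: a destination guard for a service that fetches caller-supplied URLs, refusing the local files and internal endpoints described above and dropping caller copies of the two headers the 2020 countermeasures depend on. The function names, the sample DNS table and its addresses are assumptions constructed for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Headers the platform treats as proof that local code built the request on
# purpose: IMDS requires "Metadata: true"; App Service and Functions use
# X-IDENTITY-HEADER. A fetch-on-behalf feature must not forward caller copies.
PROTECTED_HEADERS = {"metadata", "x-identity-header"}

# Constructed stand-in for DNS so the example runs offline (sample values).
SAMPLE_DNS = {
    "partner.example.com": ["93.184.216.34"],
    "rebind.example.net": ["169.254.169.254"],
}

def resolve(host, dns):
    """Return the IP addresses for a literal IP or a name in the sample table."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(a) for a in dns.get(host, [])]

def check_outbound(url, headers, dns=SAMPLE_DNS):
    """Return (allowed, reason, sanitized_headers) for a user-supplied URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed", {}       # blocks file://, gopher://, ...
    if not parts.hostname:
        return False, "missing host", {}
    addrs = resolve(parts.hostname, dns)
    if not addrs:
        return False, "host does not resolve", {}
    # Reject if ANY resolved address is loopback, link-local, private or reserved.
    if any(not ip.is_global for ip in addrs):
        return False, "non-public address", {}
    clean = {k: v for k, v in headers.items()
             if k.lower() not in PROTECTED_HEADERS}
    return True, "ok", clean

if __name__ == "__main__":
    for u in ("file:///etc/passwd", "http://127.0.0.1:8080/admin",
              "http://169.254.169.254/metadata/instance",
              "https://rebind.example.net/", "https://partner.example.com/api"):
        print(u, "->", check_outbound(u, {"Metadata": "true"})[:2])
```

In a real service the connection should be made to the address that was validated, so a later DNS answer cannot differ from the one that passed the check.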