Skip to main content

Orca Security announces newly discovered Microsoft Azure vulnerabilities

by MSCN Reporter
Staff Writer, MSDynamicsWorld.com

Orca Security, a cybersecurity research organization, announced that its researchers have uncovered new Azure security vulnerabilities. The vulnerability involved server-side request forgery (SSRF), that Orca promptly reported to the Microsoft Security Response Center.

According to Orca, the vulnerability affected four services: API Management, Functions, Machine Learning, and Digital Twins. The researchers were able to exploit two vulnerabilities without requiring authentication, sending requests in place of the server without an Azure account. Attackers could, in theory, scan local ports, files, and endpoints to plan a broader attack.

Microsoft implemented several SSRF countermeasures in 2020, including requirements to access an instance metadata service endpoint, as well as Identity Header for App Service and Functions.

FREE Membership Required to View Full Content:

Joining MSDynamicsWorld.com gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

About MSCN Reporter
More about MSCN Reporter