Orca Security announces newly discovered Microsoft Azure vulnerabilities

January 30 2023

Orca Security, a cybersecurity research organization, announced that its researchers have uncovered new Azure security vulnerabilities. The vulnerability involved server-side request forgery (SSRF), that Orca promptly reported to the Microsoft Security Response Center.

According to Orca, the vulnerability affected four services: API Management, Functions, Machine Learning, and Digital Twins. The researchers were able to exploit two vulnerabilities without requiring authentication, sending requests in place of the server without an Azure account. Attackers could, in theory, scan local ports, files, and endpoints to plan a broader attack.

Microsoft implemented several SSRF countermeasures in 2020, including requirements to access an instance metadata service endpoint, as well as Identity Header for App Service and Functions.

FREE Membership Required to View Full Content:

Joining MSDynamicsWorld.com gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

Orca Security announces newly discovered Microsoft Azure vulnerabilities

FREE Membership Required to View Full Content:

Summit 2016: First Look at Microsoft Dynamics 365, with stories of transformational impact

Event Preview: D365 Tech Connect welcomes Dynamics developers, admins, and SMEs

5 Ways Microsoft Dynamics CRM Online Users Prepare for Successful Deployments

Advancing Quality Beyond Compliance: How to manage quality control for strategic gain