New vulnerability exposes Microsoft Azure customers to a cyberattack
3 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Microsoft, on many occasions, has bragged about the security of their infrastructure including Microsoft Azure. However, the company has suffered security breaches in the past and according to a new report, Microsoft Azure users might be vulnerable to a cyberattack.
As per a new data shared by Check Point Research, around a dozen vulnerabilities have been identified in a commonly used protocol that left millions of Microsoft cloud users open to a cyberattack. In a presentation earlier this week at the Black Hat security conference, the firm noted that flaws in the Remote Desktop Protocol (RDP) could be exploited to change the code allowing hackers to view, change, and delete data or create new accounts with full administrative rights. While the RDP was originally developed by Microsoft, several apps use the protocol on both Linux and Mac.
Check Point Research also noted that a vulnerability has been identified inside the Hyper-V Manager that allows users to create and manage Virtual Machines on Windows.
Any user that connects to or works on a Windows machine in the cloud, or uses Microsoft’s local Hyper-V virtual machines, could be a possible target of the attack that we described and demonstrated.
As the saying goes: your system is only as strong as its weakest link. In other words, by depending on other software libraries, Hyper-V Manager inherits all of the security vulnerabilities that are found in RDP, and in any other software library that it uses.
– Check Point Research (via Motherboard)
While the open-source community was quick to react to this and patch the vulnerability, Microsoft still hasn’t patched the original mstc.exe. Microsoft was quick to point out that while the vulnerabilities were significant, it didn’t reach Microsoft’s “bar for servicing.” The company, however, did issue a patch and CVE (Common Vulnerabilities and Exposures) alert after Check Point informed them about the problem with Hyper-V manager.
We were disappointed by their initial response, and once we told them about the connection to their Hyper-V products, we immediately received a different response, ending in them recognizing this as a vulnerability, and eventually releasing a patch for it.
– Eyal Itkin, Check Point Research (via Motherboard)
A security update was released in July. Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.
– Microsoft (via Motherboard)
