Microsoft is warning impacted customers of a flaw in Azure Container Instances (ACI) that could allow individuals to access other customers’ information.
It’s been a bad few weeks for Microsoft on the security front. Research firm Wiz discovered a flaw — named #ChaosDB — in Azure’s Cosmos DB that could allow a hacker to access other users’ databases.
Now Palo Alto Networks has discovered a new flaw that could allow a malicious user to gain access to other customers’ information in the ACI service, according to Microsoft. The company says it has already fixed the vulnerability and has notified impacted customers.
There is no indication any customer data was accessed due to this vulnerability. Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities, advising they revoke any privileged credentials that were deployed to the platform before August 31, 2021.
If you did not receive a Service Health Notification, no action is required. The vulnerability is fixed and our investigation surfaced no unauthorized access in other clusters. If you are unsure whether your subscription or organization has received a notification, please contact Azure Support. If you have any concerns, rotating privileged credentials is a good periodic security practice and would be an effective precautionary measure.
As the second-largest cloud provider, Microsoft better get a handle on its security issues before it starts losing customer confidence.