31st January, 2020
1 Min read
Book a Demo
Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.
The research team began exploring Azure infrastructure in an effort “to disprove the assumption that cloud infrastructures are secure,” says security researcher Ronen Shustin in a blog post. Check Point informed Microsoft of the vulnerabilities as they were discovered throughout 2019; security patches were deployed for both flaws by the end of the year.
Reduce your AWS costs by over 50%
Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.
CVE-2019-1234 is a server-side request forgery bug in an on-prem Azure environment called Azure Stack, a hybrid cloud tool for enterprise use. A spoofing flaw exists when Azure Stack fails to validate certain requests. Attackers could exploit this by sending a crafted request to the Azure Stack portal; if successful, they could make requests to internal Azure Stack resources.