Four Different Microsoft Azure Services Found Vulnerable to Server-Side Request Forgery Attacks

Microsoft Azure Services Flaws Could've Exposed Cloud Resources to Cyberattacks

According to a blog post Tuesday by Orca Security, four Microsoft Azure services have been found vulnerable to server-side request forgery (SSRF). The security issues were discovered by Orca between October 8, 2022 and December 2, 2022. The vulnerable services include: Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digitals.

SSRF attacks can be a considered a significant security concern, as a successful attempt allows the attacker to abuse functionality of a server, enabling lateral movement or remote code execution. In a statement, Microsoft said it took action to resolve all four vulnerabilities as soon as they were reported and determined them to be low risk since they do not allow access to sensitive information or Azure backend services.

Read the full article here.

Want to learn more about securing and protecting your hybrid Active Directory from cyberattacks?

Discover ways protect your hybrid Active Directory (AD) before, during, and after a cyberattack with Cayosoft’s ITDR and IGA solutions. In this solution brief, learn steps to achieve hybrid AD identity resilience, avoid costly outages, and guarantee instant AD recovery.

Check out these relevant resources.

New Survey Finds...

Active Directory forest recovery not taken serious enough. See what else your peers had to say.