Microsoft says Azure has flaw that would allow hackers to access data
Microsoft warned that its Azure cloud computing service was found to have a flaw that would allow hackers to access customers' data.
The flaw, discovered by Microsoft's security researchers, has been fixed, the company's security response team assured.
The team added that it found no evidence of hackers abusing the technique.
Microsoft advised some customers they should change their login credentials as a precaution.
In an interview, Palo Alto researcher Ariel Zelivansky said his team had been able to break out of Azure's system for containers that store users' programs for users.
The Azure containers used code, which had yet to be updated to patch a vulnerability.
Consequently, the team got full control of a cluster that included containers from other users.
The attack was the first attack on a cloud provider to use container escape to control other accounts.
Palo Alto reported the issue to Microsoft in July.
The effort took Zelivansky's several months and they ascertained that that malicious hackers probably had not used a similar method in real attacks.
It was the second major flaw found in Microsoft's core Azure system in as many weeks.
In late August, security experts at Wiz discovered a database flaw that would have allowed one customer to alter somebody else's data.
Zelivansky said that while cloud architectures are generally safe, Microsoft and other cloud providers can make fixes rather than rely on customers to apply updates.
He admitted that cloud attacks by well-funded adversaries, including governments, are a concern.