As Microsoft CEO Satya Nadella insisted on securing the Azure cloud with integrated end-to-end identity, security and compliance solutions, cybercity firm Check Point revealed on Thursday that it had launched two major security threats at Microsoft Azure last year Flaws were identified that are now fixed.
Researchers at Israel-based Check Point found that a user on the Azure network could potentially control the entire server, opening the way for business code theft and manipulation.
The first security flaw was found in the Azure stack and the second security flaw was found in the Azure app service.
“Azure Stack Flaw would have enabled a hacker to obtain screenshots and sensitive information about the machines running on Azure. The Azure App Flaw would have enabled a hacker to take control of the entire Azure server, and consequently the business of their enterprises The code has to be controlled., “The firm said in a statement.
Check Point said it worked closely with Microsoft to resolve these issues, making the cloud more secure.
The first security flaw was revealed by Check Point on January 19 last year, while the second security flaw was revealed on June 27. By the end of 2019, full patches for both security flaws in Azure were released.
In the Azure stack flaw, Check Point researchers were able to take screenshots and pick up sensitive information about Azure tenants and infrastructure machines.
“This security flaw will allow the hacker to obtain sensitive information about any business whose machine is running on Azure,” the researchers said.
In the Azure app flaw, an attacker can control the server and business code.
Researchers at Check Point were able to prove that a hacker could compromise tenant’s applications, data, and accounts by creating a free user in the Azure cloud and running malicious Azure tasks.
The Check Point report states, “The end result will be that a hacker can potentially control the entire Azure server, and as a result control all of your business code.”
The revelation came during an earnings call Wednesday, as Nadella said that for security now, cybercrime will cost businesses, governments and individuals $ 1 trillion this year.
Nadella emphasized, “We are the only company that provides integrated end-to-end identity, security and compliance solutions to protect people and organizations.”
He said that Azure is the only cloud that provides consistency across the operating model, development environment and infrastructure stack, allowing customers to bring cloud compute and intelligence to any connected or disconnected environment.
“Azure Stack Edge brings machine learning closer to the way data is generated and the new rugged Azure Stack form factors provide cloud capabilities even in harsh conditions like disaster response,” he explained.
Nadella stressed, “Our different approach to the cloud and the edge is winning customers. The US Department of Defense chose Azure to support our men and women at home, abroad and their strategic edge.”
There will be 175 zettabytes of data by 2025, up from 40 zettabytes today.
Microsoft CEO said, “Processing this data in real-time will be an operational imperative for every organization. Azure Synapse is our boundless analytics service. It combines big data analytics and data warehousing with unmatched performance, scale and security Brings, ”said the CEO of Microsoft.