Security researchers find Azure Functions vulnerability

Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

Source:-https://www.securitymagazine.com/

Intezer researchers discovered a new vulnerability in Azure Functions, which would allow an attacker to escalate privileges and escape the Azure Functions Docker container to the Docker host.
Azure Functions is a serverless compute service that allows users to run code without having to provision or manage infrastructure. Azure Functions is Microsoft’s equivalent to Amazon Web Services’ well-known Lambda service, says Intezer.
After an internal assessment Microsoft has determined that the vulnerability has no security impact on Function users as the Docker host itself is protected by a Hyper-V boundary. They have made the changes to block /etc and the /sys directories based on Intezer’s findings since this change has already been deployed.
“Instances like this underscore that vulnerabilities are sometimes out of the cloud user’s control. Attackers can find a way inside through vulnerable third-party software. While you should focus on reducing the attack surface as much as possible, you also need to prioritize the runtime environment to make sure you don’t have any malicious code lurking in your systems,” says Intezer.
Jigar Shah, Vice President at Valtix, says, “As enterprises adopt new approaches, like serverless and micro-services architecture, simply relying on the underlying security of these services or those from the cloud provider is just asking for trouble. The old mantra of reducing the attack surface and defense in depth is still crucial: use attribute-based access control, and apply URL filtering for all outbound flows. Network Security 101 does not disappear because we moved to public clouds.”
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x