Storage accounts at risk with new Microsoft Azure vulnerability

Microsoft Azure is affected by a "by-design" vulnerability that could be exploited to compromise Microsoft Storage accounts and then carry out lateral movement and remote code execution attacks, according to The Hacker News. Orca researchers noted that the exploitation path is enabled by Shared Key authorization, in which storage account access keys are used to authorize data access. Access tokens could be stolen by manipulating Azure Functions, which would then allow attackers with Storage Account Contributor account access to escalate privileges and hijack systems, the Orca report found. "By overriding function files in storage accounts, an attacker can steal and exfiltrate a higher-privileged identity and use it to move laterally, exploit and compromise victims' most valuable crown jewels," said Orca researcher Roi Nisimi.

Organizations have been urged to use Azure Active Directory authentication in place of Azure Shared Key authorization to mitigate the risk. Microsoft is also examining further updates to how Functions client tools work with storage accounts.
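An audit for the recommended mitigation, as an added example that is not from SC Media, Orca or Microsoft: it flags storage accounts that still accept Shared Key authorization, reading JSON shaped like `az storage account list -o json` output. The account names and resource groups are constructed, and an unset `allowSharedKeyAccess` is treated as enabled because Azure permits Shared Key access unless the property is explicitly false.

```python
import json

# Constructed sample shaped like `az storage account list -o json` output
# (names and resource groups are made up). The third entry uses the raw ARM
# layout, where the setting sits under "properties".
SAMPLE = json.loads("""
[
  {"name": "funcappstore01", "resourceGroup": "rg-functions", "allowSharedKeyAccess": null},
  {"name": "logsarchive", "resourceGroup": "rg-logging", "allowSharedKeyAccess": false},
  {"name": "webassets", "resourceGroup": "rg-web", "properties": {"allowSharedKeyAccess": true}},
  {"name": "legacydata", "resourceGroup": "rg-legacy"}
]
""")


def shared_key_setting(account):
    """Return the allowSharedKeyAccess value, or None when it is unset."""
    if "allowSharedKeyAccess" in account:
        return account["allowSharedKeyAccess"]
    return (account.get("properties") or {}).get("allowSharedKeyAccess")


def audit(accounts):
    """List accounts that still accept Shared Key authorization.

    An unset (null or absent) value counts as enabled: only an explicit
    false turns Shared Key authorization off.
    """
    findings = []
    for acct in accounts:
        value = shared_key_setting(acct)
        if value is False:
            continue  # Shared Key already disabled; Azure AD only
        group = acct.get("resourceGroup", "<resource-group>")
        findings.append({
            "name": acct["name"],
            "resourceGroup": group,
            "state": "enabled" if value is True else "unset (defaults to enabled)",
            "fix": "az storage account update --name {} --resource-group {} "
                   "--allow-shared-key-access false".format(acct["name"], group),
        })
    return sorted(findings, key=lambda f: f["name"])


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("{name} ({resourceGroup}): Shared Key {state}\n  {fix}".format(**f))
```

Once Shared Key access is disabled, requests authorized with the account key are rejected, so confirm that dependent applications use Azure AD authorization before applying the printed command.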
