Cloud Security, Threat Management, Threat Intelligence

Microsoft disputes Azure Service Tags vulnerability

Microsoft Azure logo

Microsoft has contradicted a Tenable report describing a high-severity vulnerability within Azure Service Tags that could be exploited to facilitate Azure service spoofing and firewall rule bypass, emphasizing service tags' purpose as routing mechanisms that should be used along with validation controls, according to BleepingComputer.

"Service tags are not a comprehensive way to secure traffic to a customer's origin and do not replace input validation to prevent vulnerabilities that may be associated with web request," said Microsoft.

However, such an issue — which also affects Azure DevOps, Azure API Management, Azure Machine Learning, and seven other Azure services — was noted by Tenable researcher Liv Matan to be potentially leveraged by threat actors to compromise private data from Azure clients.

"When configuring Azure services' network rules, bear in mind that Service Tags are not a watertight way to secure traffic to your private service. By ensuring that strong network authentication is maintained, users can defend themselves with an additional and crucial layer of security," said Matan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.