Researchers at Intezer released details behind a previously undisclosed vulnerability that could allow Microsoft Azure users with low-level privileges to leak private data from any virtual machine extension plugged into their cloud environment. (Photo by Jeenah Moon/Getty Images)

Researchers at Intezer released details behind a previously undisclosed vulnerability that could allow Microsoft Azure users with low-level privileges to leak private data from any virtual machine extension plugged into their cloud environment.

Microsoft’s Azure Virtual Machine Linux uses an integrated plugin system that allows users to install first and third-party applications. In order to manage and update those installations, Azure installs a guest agent on systems to help coordinate and configure extension files. One of those communications takes place with an HTTP service called Wire Server that is used by Azure’s VM manager and helps users to query sensitive but encrypted data beyond what those extensions are authorized to access.