Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Azure Service Tags might be dangerous, claims Tenable, a cybersecurity company

However, Microsoft disagrees.

2 min. read

Published onJune 4, 2024

published onJune 4, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Tenable has made an unsettling finding just days after Microsoft announced thedeprecation of the Azure Update Delivery service tag. They have uncovered a weakness in Microsoft Azure’s Service Tags.

The tags are supposed to help those who use Azure manage network traffic and make their lives easier overall, and the flaw could let hackers access private information by pretending to be trustworthy Azure services.

Tenable Research has discovered a vulnerability in Azure that allows an attacker to bypass firewall rules based on AzureService Tagsby forging requests from trusted services. Customers who rely on these firewall rules for security are at risk from this vulnerability. They should take immediate action to mitigate the issue and ensure they are protected by robust layers of authentication and authorization.

Although the problem is serious, Microsoft maintains that Service Tags were never intended to serve as a security boundary. This viewpoint has initiated a discussion about the real safety of Azure services and what actions customers need to take to safeguard their data.

Service tags are not to be treated as a security boundary and should only be used as a routing mechanism in conjunction with validation controls. No exploitation or abuse of service tags has been reported by a third-party or seen in the wild per our own investigation.

Tenable, who deals with cybersecurity, has sounded the alarm about this problem, stating that attackers could circumvent firewall rules by utilizing these Service Tags. This kind of vulnerability isn’t limited to one or two services; it impacts at least ten different Azure services, such as Azure DevOps and Azure Machine Learning.

The message from Tenable for people who use Azure is simple: add more authentication and authorization steps. This shows that just having Service Tags is not enough; there must also be other protections to guard your assets. Tenable suggests that those using Azure check their security arrangements and make changes if needed.

In other news, Forrester Wave just named Microsofta top leader in cybersecurity. The Redmond-based tech giant had the highest scores in the strategy, current offering, and market presence categories.

More about the topics:Azure,Microsoft Azure

Flavius Floare

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.

He’s always curious and ready to take on everything new in the tech world, covering Microsoft’s products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that’s always ready to bring you the bleeding edge!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Flavius Floare

Tech Journalist

Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.