Vulnerability found in Azure functions that could allow an attacker to escalate privileges and escape the Docker container that hosts them.
Vulnerabilityfound in Azure functions that could allow an attacker to escalate privileges and escape the Docker container that hosts them.
Azure Functions is a compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in Azure or third party service as well as on-premises systems.
Paul Litvak, a cybersecurity researcher from Intezer Lab uncovered an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker.
“We found a new vulnerability in Azure Functions, which would allow an attacker to escalate privileges and escape the Azure Functions Docker container to the Docker host.” reads the post published by Intezer Lab.
After an internal assessment Microsoft has specified that the vulnerability has no security impact on Function users as the Docker host itself is protected by a Hyper-V boundary.
Azure Functions can be triggered by HTTP requests and run for only a few minutes, just in time to handle the event. The user’s code is run on an Azure-managed container and served without requiring the user to manage their infrastructure. The experts found that the code is not segmented securely and could be abused to escape to access the underlying environment.
They have made the changes to block /etc and the /sys directories based on Intezer's findings since this change has already been deployed.
"Instances like this underscore that vulnerabilities are sometimes out of the cloud user’s control. Attackers can find a way inside through vulnerable third-party software. While you should focus on reducing the attack surface as much as possible, you also need to prioritize the runtime environment to make sure you don’t have any malicious code lurking in your systems," said Intezer.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?