Microsoft Addresses Security Flaws in AI, Cloud, and Enterprise Platforms, Including Exploited Vulnerability

 

Microsoft has patched four critical security vulnerabilities affecting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center services. One of these flaws, CVE-2024-49035, has reportedly been exploited in real-world scenarios.
 
The vulnerability CVE-2024-49035, carrying a CVSS score of 8.7, involves a privilege escalation flaw in the Partner Center (partner.microsoft[.]com). Microsoft described it as: "An improper access control vulnerability in partner.microsoft[.]com allows an unauthenticated attacker to elevate privileges over a network."

The flaw was reported by Gautam Peri, Apoorv Wadhwa, and an anonymous researcher. However, Microsoft has not disclosed specifics regarding its exploitation in active attacks.

Alongside CVE-2024-49035, three other vulnerabilities were patched, two of which are rated Critical:

  • CVE-2024-49038 (CVSS score: 9.3): A cross-site scripting (XSS) flaw in Copilot Studio enabling unauthorized privilege escalation over a network.
  • CVE-2024-49052 (CVSS score: 8.2): A missing authentication vulnerability in Microsoft Azure PolicyWatch, allowing unauthorized privilege escalation.
  • CVE-2024-49053 (CVSS score: 7.6): A spoofing flaw in Microsoft Dynamics 365 Sales that could redirect users to malicious sites via specially crafted URLs.

Mitigations and User Recommendations

Most vulnerabilities have been automatically addressed through updates to Microsoft Power Apps. However, users of Dynamics 365 Sales apps for Android and iOS should upgrade to the latest version (3.24104.15) to protect against CVE-2024-49053.

Microsoft continues to emphasize proactive updates and security monitoring to safeguard against emerging threats.

'Leaky Vessels' Cloud Flaws Enable Container Escapes Worldwide

 

Researchers discovered a set of four vulnerabilities in container engine components, dubbed "Leaky Vessels," three of which allow attackers to escape from containers and perform malicious operations on the host system.

One of the vulnerabilities, CVE-2024-21626, affects runC, a lightweight container runtime for Docker and other container environments. It is the most critical of the four vulnerabilities, with a severity score of 8.6. According to Rory McNamara, a staff security researcher at Snyk (which identified the flaws and reported them to Docker), the runC bug allows container escape during both build and runtime.

In worst-case scenarios, a hacker who acquires unauthorised access to an underlying host operating system may be able to access anything else running on the same host, including critical credentials that allow the adversary to launch new attacks.

"Since this vulnerability affects anybody using containers to build applications — essentially every cloud-native developer worldwide — unchecked access could potentially compromise entire Docker or Kubernetes host systems," McNamara stated. 

The other three flaws impact Docker's default container image building toolkit, BuildKit. One of these (CVE-2024-23651) is a race condition affecting how cache layers are mounted during runtime. Another vulnerability (CVE-2024-23653) impacts a security model in BuildKit's remote procedure call (RPC) protocol, while the third (CVE-2024-23652) is a file deletion flaw in BuildKit.

In a blog post published on January 31, the security vendor urged businesses to "check for updates from any vendors providing their container runtime environments, including Docker, Kubernetes vendors, cloud container services, and open source communities."

Snyk pointed out the widespread use of the impacted container image components and build tools as a reason for businesses to upgrade to patched versions as soon as their providers publish them. 

Two of the Docker BuildKit vulnerabilities (CVE-2024-23651 and CVE-2024-23653) are build-time escapes. "The final Docker bug (CVE-2024-23652) is an arbitrary host file delete, meaning that it's not a traditional container escape," McNamara said. 

A rising concern 

Container vulnerabilities are becoming a growing worry for businesses. A Sysdig study published last year revealed that 87% of container images in production contain at least one high or critical severity vulnerability. 

The company attributed the high percentage of flaws to organisations' hurry to implement cloud apps without prioritising security concerns. Rezilion's 2023 research discovered hundreds of Docker container images with vulnerabilities that typical vulnerability detection and software composition analysis technologies could not detect. 

Over the last year, the trend has shifted perceptions of container security. According to a DZone survey, only 51% of respondents believe containerisation makes their applications safer, down from 69% in 2021. 44% claimed containerisation made their application environment less safe, compared to 7% in 2021.