A vulnerability in Azure Automation put the data of entire Azure environments at risk. Today, Microsoft announced that the problem has been patched behind closed doors.
Microsoft Azure Automation is used for process automation and update management. The service allows customers to schedule various tasks within Azure. Scheduled tasks run in a sandbox environment unique to each customer. Yanir Tsarimi, cloud security researcher at Orca Security, found a severe vulnerability in the server that manages users’ sandboxes.
AutoWarp
Azure Automation users had access to other users’ authentication tokens (Managed Identities). Such tokens would allow attackers to penetrate the Azure environments they belong to. Each Azure Automation environment provided access to new authentication tokens, meaning attackers could have spread across environments at a rapid pace.
“Could” is the key word, because according to Microsoft, the vulnerability, codenamed AutoWarp, hasn’t been exploited to date. Today, the organization announced that the issue was patched on December 10, 2021, four days after security researcher Yanir Tsarimi sounded the alarm.
In a message to all Azure Automation users, Microsoft recommends adherence to Azure’s best security practices.