AWS, Azure Vulnerabilities Would Have Allowed Access To Other Customers’ Accounts

Researchers from Orca Security have found two vulnerabilities in Amazon’s AWS and Microsoft’s Azure clouds that could have allowed users access to other customers’ infrastructure.

Both Amazon and Microsoft fixed the problems before anyone was compromised.

“This is the beauty of the cloud,” said Orca security researcher Yanir Tsarimi, who discovered the problems. “If an issue like this is discovered it’s fixed by the vendor and customers don’t have to do anything about it. It just gets taken care of.”

Tsarimi reported the AutoWarp cross-tenant vulnerability to Microsoft on December 6, he told Data Center Knowledge, and Microsoft patched it four days later.

There was no evidence that any attackers have exploited this vulnerability before it was patched, Microsoft said a statement released on Monday.

Read full article at Data Center Knowledge.