Friday, Sep 22, 2023
English News
  • Hyderabad
  • Telangana
  • AP News
  • India
  • World
  • Entertainment
  • Science and Tech
  • Sport
  • Business
  • Rewind
  • ...
    • NRI
    • View Point
    • cartoon
    • Columns
    • Education Today
    • Reviews
    • Property
    • Videos
    • Lifestyle
E-Paper
  • NRI
  • View Point
  • cartoon
  • Columns
  • Reviews
  • Education Today
  • Property
  • Videos
  • Lifestyle
Home | News | Microsoft Informs Customers About Security Bug In Azure Cloud

Microsoft informs customers about security bug in Azure Cloud

"This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public," Microsoft said in a statement late on Thursday.

By IANS
Updated On - 12:59 PM, Fri - 24 December 21
Microsoft informs customers about security bug in Azure Cloud
whatsapp facebook twitter telegram

New Delhi: Microsoft has informed users about a ‘NotLegit’ bug in Azure Cloud that may have put some customers’ data at hacking risk.

The Microsoft’s Security Response Centre (MSRC) was informed by Wiz.io, a cloud security vendor, of an issue where customers can unintentionally configure the ‘.git folder’ to be created in the content root, which would put them at risk for information disclosure.

“This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public,” Microsoft said in a statement late on Thursday.

“We have notified the limited subset of customers that we believe are at risk due to this and we will continue to work with our customers on securing their applications,” the company added.

App Service Linux customers who deployed applications using Local Git after files were created or modified in the content root directory are impacted.

“This happens because the system attempts to preserve the currently deployed files as part of repository contents, and activates what is referred to as in-place deployments by deployment engine (Kudu),” Microsoft informed.

Not all users of ‘Local Git’ were impacted by the vulnerability and the Azure App Service Windows was not affected, the company said.

Microsoft updated all PHP images to disallow serving the .git folder as static content as a defence in depth measure.

“We have notified customers who were impacted due to the activation of in-place deployment with specific guidance on how to mitigate the issue,” the company informed.

The Wiz Research Team said it first notified Microsoft of the issue on October 7 and the fix was deployed in November and customers were notified by December.

Wiz was paid a bug bounty of $7,500, reports ZDNet.

“Small groups of customers are still potentially exposed and should take certain user actions to protect their applications, as detailed in several email alerts Microsoft issued between the 7th – 15th of December, 2021,” said Wiz.

Telangana Today Whatsapp
  • Follow Us :
  • Tags
  • Azure Cloud
  • Microsoft

Related News

  • Microsoft bets big on AI with copilot-driven Windows 11, new Surface devices

    Microsoft bets big on AI with copilot-driven Windows 11, new Surface devices

  • Microsoft revamps Paint app after 38 years, introduces layers & transparency features

    Microsoft revamps Paint app after 38 years, introduces layers & transparency features

  • Microsoft Edge shuts tablet-friendly ‘Web Select’ feature

    Microsoft Edge shuts tablet-friendly ‘Web Select’ feature

  • Iranian hackers target defence, satellite firms to gather secrets: Microsoft

    Iranian hackers target defence, satellite firms to gather secrets: Microsoft

  • Oracle, Microsoft strengthen collaboration to facilitate seamless cloud migration for customers

    Oracle, Microsoft strengthen collaboration to facilitate seamless cloud migration for customers

  • Microsoft introduces ‘background removal’ tool in Paint

    Microsoft introduces ‘background removal’ tool in Paint

Latest News

  • J-K: Army commander reviews operational preparedness along LoC

    5 mins ago
  • Tesla exploring to build battery storage factory in India

    15 mins ago
  • SEBI eases borrowing norms for large corporates

    25 mins ago
  • Israel to start vaccinations against new Omicron substrains

    36 mins ago
  • Chandrayaan-3 lander, rover set to ‘wake up’ from ‘sleep’ on moon

    45 mins ago
  • Telangana: After Tholi Mettu, Unnathi set to boost learning levels

    56 mins ago
  • India vs Australia: All eyes on Iyer, Surya

    1 hour ago
  • A guide to venues for ICC Cricket World Cup 2023 in India

    2 hours ago

company

  • Home
  • About Us
  • Contact Us

business

  • Subscribe

telangana today

  • Telangana
  • Hyderabad
  • Latest News
  • Entertainment
  • World
  • Andhra Pradesh
  • Science & Tech
  • Sport

follow us

© Copyrights 2022 TELANGANA PUBLICATIONS PVT. LTD. All rights reserved. Powered by Veegam