Tuesday, May 17, 2022
  • Hyderabad
  • Telangana
  • Andhra Pradesh
  • India
  • World
  • Entertainment
  • Science and Tech
  • Sport
  • Business
  • ...
    • NRI
    • View Point
    • cartoon
    • Columns
    • Reviews
    • Education Today
    • Property
    • Videos
    • Lifestyle
E-Paper
  • NRI
  • View Point
  • cartoon
  • Columns
  • Reviews
  • Education Today
  • Property
  • Videos
  • Lifestyle
Home | News | Microsoft Informs Customers About Security Bug In Azure Cloud

Microsoft informs customers about security bug in Azure Cloud

By IANS
Published: Updated On - 12:59 PM, Fri - 24 December 21
"This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public," Microsoft said in a statement late on Thursday.

New Delhi: Microsoft has informed users about a ‘NotLegit’ bug in Azure Cloud that may have put some customers’ data at hacking risk.

The Microsoft’s Security Response Centre (MSRC) was informed by Wiz.io, a cloud security vendor, of an issue where customers can unintentionally configure the ‘.git folder’ to be created in the content root, which would put them at risk for information disclosure.

“This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public,” Microsoft said in a statement late on Thursday.

“We have notified the limited subset of customers that we believe are at risk due to this and we will continue to work with our customers on securing their applications,” the company added.

App Service Linux customers who deployed applications using Local Git after files were created or modified in the content root directory are impacted.

“This happens because the system attempts to preserve the currently deployed files as part of repository contents, and activates what is referred to as in-place deployments by deployment engine (Kudu),” Microsoft informed.

Not all users of ‘Local Git’ were impacted by the vulnerability and the Azure App Service Windows was not affected, the company said.

Microsoft updated all PHP images to disallow serving the .git folder as static content as a defence in depth measure.

“We have notified customers who were impacted due to the activation of in-place deployment with specific guidance on how to mitigate the issue,” the company informed.

The Wiz Research Team said it first notified Microsoft of the issue on October 7 and the fix was deployed in November and customers were notified by December.

Wiz was paid a bug bounty of $7,500, reports ZDNet.

“Small groups of customers are still potentially exposed and should take certain user actions to protect their applications, as detailed in several email alerts Microsoft issued between the 7th – 15th of December, 2021,” said Wiz.

  • Follow Us :
  • Tags
  • Azure Cloud
  • Microsoft

Related News

  • Microsoft Xbox Live gaming suffers massive outage, fixed now

  • Microsoft open-sources code for 3D Movie Maker

  • Bill Gates warns of more fatal Covid variant, calls for global surveillance

  • Microsoft rolls out new feature for Office Insiders on iOS

  • Google gets bigger in Hyderabad

  • 10 mn people streamed games on Xbox Cloud Gaming: Satya Nadella

Latest News

  • Hyderabad: Pattana Pragathi in GHMC from May 20

    53 mins ago
  • Opinion: Towards sustainable greening

    60 mins ago
  • All set for transfer, promotion of teachers in Telangana

    1 hour ago
  • Editorial: Moment of glory

    1 hour ago
  • Hyderabad: GHMC installs steel portal frame for Shilpa Layout flyover

    1 hour ago
  • Hyderabad Traffic Police, BITS Pilani tie up to fix ‘black spots’

    1 hour ago
  • IPL 2022: SRH keep slim playoff hopes alive with three-run win over MI

    1 hour ago
  • Hyderabad startup to make noise at Cannes Film Festival

    1 hour ago

company

  • Home
  • About Us
  • Contact Us

business

  • Subscribe

telangana today

  • Telangana
  • Hyderabad
  • Latest News
  • Entertainment
  • World
  • Andhra Pradesh
  • Science & Tech
  • Sport

follow us

© Copyrights 2022 TELANGANA PUBLICATIONS PVT. LTD. All rights reserved. Powered by Veegam