Connect with us

Hi, what are you looking for?


Cloud Security

Microsoft Azure Flaws Exposed RHEL Instances

Vulnerabilities in Microsoft’s Azure cloud platform could have been exploited by attackers to gain administrator access to Red Hat Enterprise Linux (RHEL) instances and storage accounts, according to a software engineer.

Vulnerabilities in Microsoft’s Azure cloud platform could have been exploited by attackers to gain administrator access to Red Hat Enterprise Linux (RHEL) instances and storage accounts, according to a software engineer.

Azure and Amazon Web Services (AWS) rely on the Red Hat Update Infrastructure (RHUI) to manage yum repository content for RHEL instances. Red Hat Update Appliances, which contact the Red Hat Network to fetch new and updated packages, have been created by Microsoft and Amazon for each region.

While trying to create a RHEL image that could be used on both Azure and AWS, Irish researcher Ian Duffy noticed that some Red Hat Package Manager (RPM) files contained client configurations for each region. This allowed the discovery of all Red Hat Update Appliances, with all servers exposing their REST APIs over HTTPS.

An application running on port 8080 revealed the locations of archives containing logs and configuration files. The archives included SSL certificates that could be used to gain full administrative access to Red Hat Update Appliances.

Full access to an appliance’s REST API and the lack of package signature checks allowed an attacker to upload packages that would be acquired by client virtual machines when performing a yum update. With the yum update installed, the attacker may have been able to gain root access to all virtual machines that executed the update.

In addition to data stored in virtual machines, an attacker might have been able to obtain access to storage accounts.

“Given some poor implementation within the mandatory Microsoft Azure Linux Agent (WaLinuxAgent), one is able to obtain the administrator API keys to the storage account used by the virtual machine for debug log shipping purposes. At the time of research, this storage account defaulted to one shared by multiple virtual machines,” Duffy said. “If the storage account was used by multiple virtual machines there is potential to download their virtual hard disks.”

The flaws were reported to Microsoft through the company’s bug bounty program. The tech giant confirmed the issues and took steps to prevent public access to the app on port 8080 and Red Hat Update Appliances.

Advertisement. Scroll to continue reading.

Related Reading: Microsoft Officially Launches Azure Security Center

Related Reading: Microsoft Details Security Responsibilities for Azure Cloud Customers

Related Reading: Microsoft Announces Azure Information Protection Service

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.