Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Researchers uncover major security issue in Microsoft Azure - here's what we know

A person at a laptop with a secure lock symbol floating above it.

Microsoft’s Azure cloud platform carries a high-severity security vulnerability that could result in victim organizations unknowingly executing malware on their endpoints, experts have warned. 

Researchers from Vectra outlined the issue in a recent blog post, noting that the vulnerability lies in Azure Logs, a tool that - ironically enough - is used to track malicious activity in a cloud environment (among other things). While logs sound like something an Azure admin would only read - and not edit - there are some pieces of data the user has control over, such as user IDs, email addresses, message subjects, and similar. 

By injecting malicious data into the logs, the applications processing it could be tricked into executing malware, the researchers claim.

CSV Injection

“For example, one could submit a fake email address containing an XSS (Cross-Site Scripting) payload in an account signup form,” the research reads. “And the application administrator that opens this log in a browser may become the victim of an XSS attack.”

But there is another way to drop malware onto people’s devices - called CSV Injection. As Azure Logs can be downloaded as a CSV file (Comma Separated Values), it is possible for the file to contain an Excel formula that the program executes as the file is opened. Some formulas - you guessed it - could be malicious, forcing OS Command Execution and other exploits. “It can be hazardous not only because arbitrary commands can be run but also because users don't usually know about it, thinking that CSV files are just plain text files that cannot possibly cause any damage,” the report reads.

These vulnerabilities can be executed unauthenticated, the researchers concluded, suggesting that the attackers don’t need to have an account in the cloud environment. 

The good news is that the vulnerability doesn’t work on fully patched Excel instances, so make sure yours is up to date.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.