The Azure Service Tags product from Microsoft's renowned cloud service was recently revealed to pose a high-security risk, making customer data vulnerable to attacks. However, Microsoft was quick to refute these claims from security researchers as false, explaining that the Service Tags are not something to be worried about as they are not vulnerabilities.
In this new study, the researchers are advising customers and Microsoft to improve security and its system to avoid a massive attack, which the company is not worried about.
Azure Service Tags Exposes Customer Data, Big Security Risk?
Security research firm Tenable shared in a new blog post that Azure Service Tags from Microsoft pose a massive risk for its customers. Bad actors may take advantage of this vulnerability to gain unauthorized account access.
In this issue, hackers may bypass firewall rules that use Azure's Service Tags, bypassing security and leaving their data vulnerable.
The company called upon Microsoft to address these issues, claiming that they and the Microsoft Security Response Center (MSRC) later discovered that it affects as many as ten other Azure services. Tenable said that with Azure Service Tags, customers do not have extra protection that may fight against attacks.
Microsoft Defends Azure Service Tags Technology
However, Microsoft's release from MSRC seems to claim otherwise. It defends Azure Service Tags' technology and explains why it is not a threat. The company says that Azure Service Tags "are not to be treated as a security boundary," further stating that this is only a "routing mechanism" for validation controls.
In its investigations, Microsoft has not yet received reports of service tag abuse that could leave a customer vulnerable. Despite this, Microsoft advises customers to add extra layers of protection.
Microsoft Azure Security Issues
Microsoft and Azure have faced challenges in the past relating to the security and technical flaws of the cloud service, and they have successfully resolved those issues. Previously, a so-called 'AutoWarp' bug has posed a problem that allowed unauthorized access to user accounts and has left customers vulnerable.
There were also claims behind the "largest attack in history" against the service, which targeted Azure's Asian customers in 2021.
The company discussed its findings in 2022, saying that this was a distributed denial of service (DDoS) attack that the company caught and prevented, centered on as much as 3.47 terabits per second of DDoS threat.
Azure is known to be one of the top cloud network platforms and services for a range of global companies, from startups to renowned companies that rely on their tech, with millions of customers under it.
This new research from Tenable exposed the Azure Service Tags' security issue , which Microsoft disputed, saying that there is no problem there and that it has not found anything concerning.
