
Microsoft's latest update left all Azure RHEL instances hackable


November 28, 2016

Microsoft said earlier today that it has patched several security holes that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances.

Software engineer Ian Duffy discovered the software bugs while building a secure RHEL image for Microsoft Azure.

During that process, he noticed an installation script that Azure uses in its preconfigured RPM Package Manager. The script contains build host information that would allow attackers to find all four Red Hat Update Appliances, which expose REST APIs over HTTPS.

That was an 'AHA' moment. From there, Duffy found a package labelled Prepare RHUI (Red Hat Update Infrastructure) that runs on all Azure RHEL boxes and contains the rhui-monitor.cloud build host.

Duffy accessed that host and found it had broken username and password authentication. This allowed him to access a backend log collector application, which returned logs and configuration files along with an SSL certificate that granted full administrative access to the four Red Hat Update Appliances.

Duffy says all Azure RHEL images are configured without GPG validation checks, meaning all would accept malicious package updates on their next run of yum updates.

"But in theory, if exploited, one could have gained root access to all virtual machines consuming the repositories by releasing an updated version of a common package and waiting for virtual machines to execute the yum updates," Duffy asserted.

"Compromising updates would just be a case of bumping the version number and releasing a package under the same name," he added.
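A defender-side check for the missing GPG validation described above, as an added example that is not from the original article, Microsoft or Red Hat. It parses yum configuration text and lists enabled repositories whose packages would be installed without a signature check; the repository names, URLs and sample files are constructed, and the fallback for an unset `gpgcheck` is an assumption noted in the code.

```python
import configparser

# Constructed sample inputs (not taken from any Azure image).
SAMPLE_YUM_CONF = "[main]\ngpgcheck=1\n"
SAMPLE_REPO = """\
[example-base]
baseurl=https://rhui.example.invalid/base/$releasever/$basearch
enabled=1
gpgcheck=0

[example-updates]
baseurl=https://rhui.example.invalid/updates/$releasever/$basearch
enabled=1
gpgcheck=1

[example-extras]
baseurl=https://rhui.example.invalid/extras
enabled=1

[example-debug]
baseurl=https://rhui.example.invalid/debug
enabled=0
gpgcheck=0
"""
TRUTHY = {"1", "yes", "true", "on"}

def _parse(text):
    # interpolation=None keeps yum variables and '%' in URLs from being expanded.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def unsigned_repos(yum_conf_text, repo_text):
    """Return ids of enabled repos whose packages are installed without a GPG check."""
    main = _parse(yum_conf_text)
    # Assumption: with no gpgcheck in [main], treat the default as "off".
    default = main.get("main", "gpgcheck", fallback="0")
    flagged = []
    for repo_id, repo in _parse(repo_text).items():
        if repo_id in ("DEFAULT", "main"):
            continue
        if repo.get("enabled", "1").strip().lower() not in TRUTHY:
            continue  # disabled repos are not used by a plain `yum update`
        if repo.get("gpgcheck", default).strip().lower() not in TRUTHY:
            flagged.append(repo_id)
    return flagged

if __name__ == "__main__":
    print(unsigned_repos(SAMPLE_YUM_CONF, SAMPLE_REPO))
```

On a real host the two arguments would be the contents of `/etc/yum.conf` and of each file under `/etc/yum.repos.d/`.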

Microsoft said it cancelled access to rhui-monitor.cloud and rotated secrets to close the security issue.

Additionally, Duffy found another security vulnerability within the mandatory Microsoft Azure Linux Agent (WaLinuxAgent) which exposed API keys for debugging purposes.

The flawed agent made it possible for Duffy to gain administrator API keys and then download virtual hard disks for any RHEL instance using the same storage account.

Source: Microsoft.
