Microsoft Azure Services Vulnerable To SSRF

Contents

Summary Of The Attack

  • On January 17, 2023, four vulnerabilities in Microsoft Azure services were vulnerable to server-side request forgery (SSRF) attacks.
  • Services included Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins.
  • According to Orca researcher Lidor Ben Shitrit, the impact of these SSRF vulnerabilities on Microsoft Azure Services could have been significant if left unpatched.
  • Due to the swift action taken by Microsoft, these vulnerabilities were mitigated before they could cause any major damage.
.

What Happened?

On January 17, 2023, Orca Security reported that they had discovered four vulnerabilities in Microsoft Azure services that were vulnerable to server-side request forgery (SSRF) attacks.

The affected services included Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins.