New serious Azure security flaws addressed

Microsoft has addressed two serious vulnerabilities impacting Azure Bastion and Azure Container Registry, which could be leveraged for unauthorized data access and virtual environment modifications, according to The Record, a news site by cybersecurity firm Recorded Future. Threat actors could have exploited the flaws to facilitate cross-site scripting, which could result in data exfiltration and total system compromise, said Orca Security researchers, who identified and reported the bugs to Microsoft. Microsoft emphasized that there has been no indication of any exploitation. "A series of fixes were developed and deployed according to our Safe Deployment Practices and completed on 24 May 2023, after which the issue is considered mitigated for both services. No further action is required from customers to remain secure," said Microsoft. Microsoft also reassured that its security teams have already been conducting variant hunting for newly identified vulnerabilities in an effort to curb XSS attacks in the future.