Microsoft confirmed a major vulnerability from late 2019 in which its cloud security in Azure had “a perfect 10.0” flaw. Check Point, a cyber security firm that offers cloud security, targeted popular cloud-based softwares to find vulnerabilities, finding success in WhatsApp, TikTok, Zoom, and Microsoft.
Details of the vulnerability include the ability of any user to break cloud isolation and intercept code or manipulate programs of other users. The isolation of the cloud is what allows multiple users to safely share the same hardware.
Yaniv Balmas, head of cyber research for Check Point, told Forbes the vulnerability “undermines the concept of cloud security. You can’t prevent it, you can’t protect yourself. The only one who can is the cloud provider.”
Microsoft released a patch to fix the issue as part of a “Patch Tuesday” rollout late last year, but did not provide detail on the vulnerability beyond a three sentence statement. Earlier this month, Microsoft released more information on the exploitability of the vulnerability.