petri.com
Open in
urlscan Pro
2606:4700:20::ac43:4a2f
Public Scan
URL:
https://petri.com/microsoft-acknowledges-autowarp-critical-security-vulnerability-affecting-azure-automation-service
Submission: On March 11 via api from US — Scanned from DE
Submission: On March 11 via api from US — Scanned from DE
Form analysis 3 forms found in the DOM
GET https://petri.com
<form class="search-form" action="https://petri.com" method="get">
<label class="search-form_label _visuallyhidden" for="s">Search for:</label>
<input class="search-form_input" name="s" placeholder="Search" title="Search for:" type="search" value="">
<button class="search-form_button" type="submit"><i class="fas fa-search"></i><span class="_visuallyhidden">Search</span></button>
</form>GET https://petri.com
<form class="search-form" action="https://petri.com" method="get">
<label class="search-form_label _visuallyhidden" for="s">Search for:</label>
<input class="search-form_input" name="s" placeholder="Search" title="Search for:" type="search" value="">
<button class="search-form_button" type="submit"><i class="fas fa-search"></i><span class="_visuallyhidden">Search</span></button>
</form>GET https://petri.com
<form class="search-form" action="https://petri.com" method="get">
<label class="search-form_label _visuallyhidden" for="s">Search for:</label>
<input class="search-form_input" name="s" placeholder="Search" title="Search for:" type="search" value="">
<button class="search-form_button" type="submit"><i class="fas fa-search"></i><span class="_visuallyhidden">Search</span></button>
</form>Text Content
Search for: Search Sections Search for: Search * The Unofficial M365 Changelog * Sponsors * Learn * Forums * PodcastsToggle children * Enterprise Dish * M365 Knowledge * MJF Chat * Petri Dish * ResourcesToggle children * Webinars * Conferences * Newsletters * WindowsToggle children * Windows 10 * Windows 8 * Windows 7 * Windows Server * CloudToggle children * Microsoft Azure * Amazon Web Services * Google Cloud * Office 365 * Microsoft 365 * ServersToggle children * Exchange Server * SQL Server * Backup & Storage * SharePoint * Security * PowerShell Follow us * * * * * The Unofficial M365 Changelog * Sponsors * Learn * Forums * PodcastsToggle childrenToggle children * Enterprise Dish * M365 Knowledge * MJF Chat * Petri Dish * ResourcesToggle childrenToggle children * Webinars * Conferences * Newsletters Search for: Search Sections * WindowsToggle children * Windows 10 * Windows 8 * Windows 7 * Windows Server * CloudToggle children * Microsoft Azure * Amazon Web Services * Google Cloud * Office 365 * Microsoft 365 * ServersToggle children * Exchange Server * SQL Server * Backup & Storage * SharePoint * Security * PowerShell Follow us * * * * * WindowsToggle childrenToggle children * Windows 10 * Windows 8 * Windows 7 * Windows Server * CloudToggle childrenToggle children * Microsoft Azure * Amazon Web Services * Google Cloud * Office 365 * Microsoft 365 * ServersToggle childrenToggle children * Exchange Server * SQL Server * Backup & Storage * SharePoint * Security * PowerShell Follow us * * * * Previous THIS WEEK IN IT - MICROSOFT WANTS TO SECURE GOOGLE CLOUD BUT JOHN MALKOVICH ISN’T IMPRESSED Next MICROSOFT 365 APPS AND SERVICES TO DROP SUPPORT FOR SOME TLS CERTIFICATES IN 2025 Microsoft Azure|Security MICROSOFT ACKNOWLEDGES "AUTOWARP" CRITICAL SECURITY VULNERABILITY AFFECTING AZURE AUTOMATION SERVICE Rabia Noureen | Mar 08, 2022 Microsoft has addressed a new critical security vulnerability in its Azure Automation service. The exploit labeled “AutoWarp” was mitigated in December 2021, and the company confirmed that it could enable malicious actors to get access to the data and resources of other Azure customers. The cross-tenant vulnerability was first discovered by a researcher at Orca Security and reported to Microsoft on December 6, 2021. Essentially, the AutoWarp flaw allows threat actors to access the Managed Identities tokens of other tenants. “Someone with malicious intentions could’ve continuously grabbed tokens, and with each token, widen the attack to more Azure customers,” explained Yoav Alon, CTO at Orca Security. “This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer.” Sponsored Content Devolutions Remote Desktop Manager Devolutions RDM centralizes all remote connections on a single platform that is securely shared between users and across the entire team. With support for hundreds of integrated technologies — including multiple protocols and VPNs — along with built-in enterprise-grade password management tools, global and granular-level access controls, and robust mobile apps to complement desktop clients. Learn More Microsoft Azure Automation is a popular service that lets organizations create, deploy, monitor, as well as maintain their cloud resources. It helps users save time and resources by making it easier to automate their repetitive management tasks. The Azure Automation service provides several features and capabilities such as process automation, configuration, and update management. MICROSOFT PATCHED THE AUTOWARP SECURITY FLAW IN DECEMBER 2021 The AutoWarp security flaw potentially exposed several Azure customers, and the list includes accounting firms, a banking conglomerate, a global telecom company, car manufacturers, and more. The Redmond giant released a patch on December 10 that fixed the security flaw by preventing unauthorized access to authorization tokens to all sandbox environments. Microsoft claims that it has not found any evidence that these tokens have been exploited by threat actors in malicious attacks. However, all Azure Automation service users that may have been affected by the AutoWarp vulnerability have been notified, and the company is recommending customers follow the security guidelines available on this support page. RELATED TOPICS: Microsoft Azure Security MEMBER LOGIN: BECOME A PETRI MEMBER: Don't have a login but want to join the conversation? Sign up for a Petri Account Register Comments (0) LEAVE A REPLY CANCEL REPLY You must be logged in to post a comment. RABIA NOUREEN Follow on RSS MORE ARTICLES BY RABIA NOUREEN News MICROSOFT 365 APPS AND SERVICES TO DROP SUPPORT FOR SOME TLS CERTIFICATES IN 2025 Mar 11, 2022 | Rabia Noureen Video THIS WEEK IN IT - LINUX GETS ITS PIPES DIRTY Mar 11, 2022 | Russell Smith News MICROSOFT’S NEW OFFICE.COM UI NOW AVAILABLE FOR ALL BUSINESS AND EDUCATION CUSTOMERS Mar 11, 2022 | Rabia Noureen RELATED ARTICLES News MICROSOFT 365 APPS AND SERVICES TO DROP SUPPORT FOR SOME TLS CERTIFICATES IN 2025 Mar 11, 2022 | Rabia Noureen News MICROSOFT ANNOUNCES PUBLIC PREVIEW OF AZURE AD MULTI-STAGE ACCESS REVIEWS Mar 02, 2022 | Rabia Noureen Video THIS WEEK IN IT - MICROSOFT WANTS TO SECURE GOOGLE CLOUD BUT JOHN MALKOVICH ISN’T IMPRESSED Feb 25, 2022 | Russell Smith SUBSCRIBE TO PETRI NEWSLETTERSTHIS WEEK IN IT Petri.com shares the deep technology articles from MVPs and our own experts every Friday. Register for this weekly newsletter filled with the most impactful Petri.com articles from that week. All Newsletters Petri.com may use your contact information to provide updates, offers and resources that may be of interest to you. You can unsubscribe at any time. To learn more about how we manage your data, you can read our Privacy Policy and Terms of Service. !Already a Petri.com member? Login here for 1-click registration. Petri.com thanks our gold sponsor Afternoon Cyber Tea with Ann Johnson, a Microsoft Podcast Ann Johnson, Corporate Vice President, Business Development, Security, Compliance & Identity at Microsoft, talks with cybersecurity thought leaders and influential industry experts about the trends shaping the cyber landscape and what should be top-of-mind for the C-suite and other key decision makers. Ann and her guests explore the risk and promise of tools and systems powered by AI, IoT, machine learning, and other emerging technology, as well as the impact on how humans work, communicate, consume information, and live in this era of digital transformation. Access the Afternoon Cyber Tea Podcast More From Afternoon Cyber Tea with Ann Johnson Defending Against Advanced Actors, Ep 47 | 3.8.22 Building Customer Trust in the Face of Cyber Attacks, Ep 46 | 2.22.22 Cybersecurity & Privacy Protections, Ep 45 | 2.8.22 Follow Afternoon Cyber Tea with Ann Johnson on social media Learn more about our gold sponsor: Afternoon Cyber Tea with Ann Johnson RELATED ARTICLES News MICROSOFT 365 APPS AND SERVICES TO DROP SUPPORT FOR SOME TLS CERTIFICATES IN 2025 Mar 11, 2022 | Rabia Noureen News MICROSOFT ANNOUNCES PUBLIC PREVIEW OF AZURE AD MULTI-STAGE ACCESS REVIEWS Mar 02, 2022 | Rabia Noureen Video THIS WEEK IN IT - MICROSOFT WANTS TO SECURE GOOGLE CLOUD BUT JOHN MALKOVICH ISN’T IMPRESSED Feb 25, 2022 | Russell Smith Reach Out * Contact Us * Advertise With Us * About Us * Media Kit Learn More * Sponsors * Forums * Podcasts * Webinars * Newsletters Sitemap * Windows 10 * Cloud Computing * Office 365 * Microsoft 365 * Backup & Storage * SharePoint * Security * PowerShell * Windows Server * The Unofficial M365 Changelog JOIN THE CONVERSATION Create a free account today to participate in forum conversations, comment on posts and more. Join Follow us * * * * © 2022 BWW Media Group Privacy Policy Close this module GET-IT Microsoft 365 Collaboration and Productivity Accelerator for IT Pros1-Day Conference LIVE on Thursday, March 24th at 9:30 AM ET or 6:30 AM PT This Petri.com 1-Day virtual conference brings 7 sessions from industry experts, Microsoft Valuable Professionals (MVP), and Microsoft's customers that are designed to help IT pros understand and get the most out of the collaborative features in Microsoft 365. Instead of focusing on the technical 'how-to' of implementing and managing Microsoft 365, these sessions provide a deep dive into how Microsoft 365 apps can be used to solve business problems and how IT pros can champion their use with business leaders and users. Sponsored by: View Sessions and Learn More! Update Privacy Preferences An Elite CafeMedia Tech Publisher