Tenable discovered a high-severity vulnerability in Microsoft’s Azure Network service tags that could allow attackers to bypass firewall rules. Microsoft, however, rejected the classification of the issue as a vulnerability and instead provided customers with enhanced guidance on mitigating the risk. While Microsoft acknowledged Tenable’s contribution to the Azure community, the company stated that service tags function as designed and that best practices needed to be clearly communicated to users.
The issue highlighted the risk of relying solely on service tags as a security mechanism and emphasized the importance of implementing additional security measures to protect network traffic in Azure environments. Microsoft recommended that customers review Azure security documentation and evaluate their use of virtual network service tags to determine if additional measures are necessary.
Tenable advised Azure customers to analyze their networking rules, add authentication and authorization layers, and maintain strong network authentication to defend against potential attacks. Despite the disagreement over the classification of the issue, both Tenable and Microsoft emphasized the importance of addressing gaps in security to ensure the protection of user assets in Azure environments.
The collaboration between Tenable and Microsoft to disclose the potential risk associated with service tags reflects a shared commitment to enhancing security measures for Azure customers. While past disagreements between the two companies over security issues have arisen, the recent disclosure underscores the importance of proactive security practices and ongoing collaboration to address emerging threats. By working together to address security vulnerabilities and communicate best practices, Tenable and Microsoft aim to bolster the security posture of Azure environments and protect user assets from potential attacks.
Article Source
https://www.techtarget.com/searchsecurity/news/366587622/Tenable-warns-of-vulnerability-in-Azure-service-tags
