Warning Issued Over Azure Container Instances Vulnerability

Microsoft mitigated a vulnerability within Azure Container Instances (ACI) that could have allowed the bad actor to access sensitive customer information. Microsoft credited Palo Alto Networks for initially reporting the vulnerability and working with Microsoft Security Response Center (MSRC) researchers under a coordinated vulnerability disclosure to patch the issue.

The software company noted that it observed no instances of unauthorized access, to date, but notified customers “out of an abundance of caution.” Customers running on the same clusters as the researchers were informed via the Service Health Notifications tab in Azure Portal, with only those potentially affected contacted.

The firm is also advising that those who were possibly impacted revoke privileged credentials deployed to the platform prior to August 31, 2021. Common locations to specify container group configurations and secrets include:

  • Environment Variables.
  • Secret Volumes.
  • Azure file share.
  • Consult these security best practices resources.
  • Azure Container Instances Security Baseline.
  • Azure Container Instances Security Considerations.

Microsoft suggests customers should frequently revoke privileged credentials in addition to remaining up to date on security related issues via Azure Service Health Alerts.

Additional information is available via the MSRC.