Tenable Research has reported a vulnerability in Microsoft Azure service tags that “allows an attacker to bypass firewall rules … by forging requests from trusted services.”
“The vulnerability was discovered initially in the Azure Application Insights service, but we and the Microsoft Security Response Center (MSRC) eventually found that it affects more than 10 other Azure services,” according to the report, released June 3. “In each case, attackers would be able to access other internal and private Azure services.”
