Microsoft fixes critical Azure bug that exposed customer data
07-Mar-22
Process automation, configuration management, and update management are all available through Microsoft Azure Automation Service, with each scheduled job executing in its own isolated sandbox for each Azure client.
An attacker may take other Azure customers’ Managed Identities authentication tokens from an internal server that administers other users’ sandboxes, thanks to the vulnerability, called AutoWarp by Orca Security’s Cloud Security Researcher Yanir Tsarimi, who identified it.
