Microsoft Resolves Padding Oracle Vulnerability in Azure Storage SDK


In order to address a padding oracle vulnerability in client-side encryption, Microsoft has released an update for the Azure Storage SDK as part of its July 2022 Patch Tuesday patches.

The SDK enables customer-managed keys that are kept in Azure Key Vault or another key store for client-side encryption. The previous SDK release encrypts data using cypher block chaining (CBC) mode. Read More…