Cross-site Forgery Bug would Facilitate Remote Code Execution in Microsoft Azure Services
The Ermetic research team reported a cross-site request forgery vulnerability in a software management tool used across multiple Microsoft Azure cloud services.
SCMagazine's Derek Johnson published an article detailing how the Ermetic research team found and reported a cross-site request forgery vulnerability in a software management tool used across multiple Microsoft Azure cloud services. The vulnerability would allow an attacker to remotely execute code on a victim’s application.
In the article, Johnson explains that "while Microsoft has patched the EmojiDeploy vulnerability, Ermetic researchers recommend a number of steps organizations can take to protect themselves from similar attacks. For instance, deploying least privilege access policies for back-end tools like Kudu that have broad-based privileges across multiple applications and services can help to limit the potential damage of a compromise."