New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

The Hacker News coverage of the Ermetic discovery of a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.

Rita Rosenblit By Rita Rosenblit
New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

The Hacker News recently published an article covering the Ermetic discovery of a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure. The vulnerability could be exploited by a malicious actor to completely take control of a targeted application.

The article goes on to describe how ,in a hypothetical attack chain "an adversary could exploit the CSRF vulnerability in the Kudu SCM panel to defeat safeguards put in place to thwart cross-origin attacks by issuing a specially crafted request to the /api/zipdeploy endpoint to deliver a malicious archive (e.g., web shell) and gain remote access."

Read Ravie Lakshmanan's full article on The Hacker News.