Microsoft recently reported that it has mitigated a vulnerability reported in July by security researchers from Palo Alto Networks. The vulnerability affected Azure Container Instances (ACI), the service that lets Azure users deploy containers without standing up Kubernetes or a Linux VM running Docker to host them. It does not affect Azure Kubernetes Service (AKS) or container software running on virtual machines.
The Palo Alto Networks researchers who discovered the vulnerability were eventually able to gain access to an entire cluster running multiple customers' container instances, and that cluster in turn had access to other customers' container image registries. This is the first known attack on a cloud provider that used a container escape to reach other users' data or containers. The ACI backend was running code that had not been updated to patch a known vulnerability. There is no way to know ahead of time which ACI users or organizations share a cluster with an attacker's container, but an attacker could repeatedly deploy malicious containers until one landed on a cluster hosting their targets' containers, or simply steal sensitive data from whatever containers they could reach.
In a blog post from its security response team, Microsoft said it had fixed the flaw reported by Palo Alto Networks and that it had no evidence malicious hackers had abused the technique. Nevertheless, Microsoft said it had notified customers who shared a cluster with the researchers and recommended that they change any credentials that may have been exposed to the containers.
“Microsoft’s investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal”.
From the Microsoft vulnerability disclosure:
If you did not receive a notification, no action is required with respect to this vulnerability.
Part of any robust security posture is working with researchers to help find vulnerabilities, so we can fix any findings before they are misused. We want to thank Palo Alto Networks who reported this vulnerability and worked with the Microsoft Security Response Center (MSRC) under Coordinated Vulnerability Disclosure (CVD) to help keep Microsoft customers safe.
Which Azure Container Instances accounts were potentially affected?
There is no indication any customer data was accessed due to this vulnerability. Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities, advising they revoke any privileged credentials that were deployed to the platform before August 31, 2021.
If you did not receive a Service Health Notification, no action is required. The vulnerability is fixed and our investigation surfaced no unauthorized access in other clusters. If you are unsure whether your subscription or organization has received a notification, please contact Azure Support. If you have any concerns, rotating privileged credentials is a good periodic security practice and would be an effective precautionary measure.
The discovery underscores the shared responsibility between cloud providers and customers for security. It also underscores how important it is to use container security features to limit the impact of an attacker gaining access to your container. At minimum I'd recommend:
- Use a managed container image registry and tooling that scans your images for vulnerabilities. Azure Defender for container registries integrates with Azure Security Center to scan every image in your registry: it scans new images as they arrive and also covers images added within the past 30 days.
- Use Docker features (for example, a USER instruction in the Dockerfile) to ensure the application in your container does not run as root or an equivalent account.
- Remove all unnecessary binaries from your container images (shells, package managers, download tools and the like) so that an attacker who lands in the container has less to work with.
- Use Azure Monitor to watch your containers for runtime deviations. The whole point of containers is that they are uniform and immutable, so if a container suddenly spawns an unexpected binary, assume it is compromised: capture forensic information, then remove the container.
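Two of the items above (not running as root, and flagging unexpected binaries at runtime) can be checked mechanically. The script below is an added example written for this post; it is not code from Microsoft, Palo Alto Networks or the original article. The Dockerfiles and the process-start events it reads are constructed samples, and the JSON-lines event shape is an assumption standing in for whatever your runtime sensor or Azure Monitor export actually emits.

```python
"""Added example: static check for a root-running image plus a runtime deviation filter.

Both inputs are constructed for illustration. The event format (one JSON object per
line with image/container/exe fields) is an assumed shape, not Azure Monitor's schema.
"""
from __future__ import annotations

import json

# Names that leave the container running as root. "0" covers USER 0 and USER 0:0.
ROOT_NAMES = {"root", "0"}


def dockerfile_runs_as_root(dockerfile: str) -> bool:
    """Return True if the image built from this Dockerfile would start as root.

    Rules applied:
      * Docker's default user is root, so a Dockerfile with no USER runs as root.
      * The last USER instruction in the final stage wins.
      * Each FROM starts a new stage, so a USER set in an earlier build stage does
        not carry over (assumption: the base image itself does not set a user).
    Backslash line continuations and comment lines are folded away first.
    """
    logical_lines: list[str] = []
    buf = ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        logical_lines.append(buf + line)
        buf = ""
    if buf:
        logical_lines.append(buf)

    effective_user = "root"
    for line in logical_lines:
        parts = line.split(None, 1)
        instr = parts[0].upper()
        if instr == "FROM":
            effective_user = "root"          # new stage: previous USER does not apply
        elif instr == "USER" and len(parts) == 2:
            effective_user = parts[1].split(":")[0].strip()   # drop any :group part
    return effective_user in ROOT_NAMES


def find_runtime_deviations(events_jsonl: str, baseline: dict[str, set[str]]) -> list[dict]:
    """Return process-start events that deviate from the per-image allowlist.

    baseline maps an image reference to the set of executable paths that image is
    expected to run. Matching is on the full path on purpose: matching by basename
    would let an attacker hide as /tmp/python3. An event from an image that has no
    baseline at all is also reported, since nothing can be said to be expected there.
    """
    deviations: list[dict] = []
    for lineno, raw in enumerate(events_jsonl.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            deviations.append({"line": lineno, "reason": "unparseable event"})
            continue
        allowed = baseline.get(event.get("image"))
        if allowed is None:
            deviations.append({**event, "reason": "image not in baseline"})
        elif event.get("exe") not in allowed:
            deviations.append({**event, "reason": "unexpected binary"})
    return deviations


# --- constructed samples -------------------------------------------------------
WEAK_DOCKERFILE = """\
FROM python:3.11-slim
COPY app.py /app/app.py
CMD ["python", "/app/app.py"]
"""

HARDENED_DOCKERFILE = """\
FROM python:3.11-slim
RUN useradd --system --no-create-home app \\
    && rm -f /usr/bin/curl /usr/bin/wget
COPY app.py /app/app.py
USER app:app
CMD ["python", "/app/app.py"]
"""

# USER is set only in the build stage; the final stage silently falls back to root.
MULTISTAGE_DOCKERFILE = """\
FROM python:3.11-slim AS build
USER app
RUN pip install --no-cache-dir requests
FROM python:3.11-slim
COPY --from=build /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
CMD ["python", "/app/app.py"]
"""

SAMPLE_EVENTS = """\
{"ts": "2021-09-09T12:00:01Z", "image": "myacr.azurecr.io/web:1.4", "container": "web-1", "exe": "/usr/local/bin/python3.11"}
{"ts": "2021-09-09T12:00:02Z", "image": "myacr.azurecr.io/web:1.4", "container": "web-1", "exe": "/bin/sh"}
{"ts": "2021-09-09T12:00:03Z", "image": "myacr.azurecr.io/web:1.4", "container": "web-1", "exe": "/tmp/.x/nc"}
{"ts": "2021-09-09T12:00:04Z", "image": "myacr.azurecr.io/worker:2.0", "container": "worker-7", "exe": "/usr/bin/curl"}
"""
BASELINE = {"myacr.azurecr.io/web:1.4": {"/usr/local/bin/python3.11"}}

if __name__ == "__main__":
    for name, df in [("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE),
                     ("multistage", MULTISTAGE_DOCKERFILE)]:
        print(f"{name}: runs as root = {dockerfile_runs_as_root(df)}")
    for dev in find_runtime_deviations(SAMPLE_EVENTS, BASELINE):
        print("DEVIATION:", dev)
```

The multi-stage sample is the trap worth remembering: a USER instruction in a build stage does nothing for the final image, so the check resets on every FROM. On the runtime side, a shell or a binary under /tmp appearing in a web container that should only ever run the interpreter is exactly the "unexpected binary" signal the last bullet describes; what you do with the flagged container (snapshot, then remove) is the same whether the events come from this script or from an Azure Monitor query.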
For a complete list of security considerations for Azure Container Instances:
Introduction to Azure Defender for container registries
Use Azure Defender for container registries to scan your images for vulnerabilities