Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Acknowledges “AutoWarp” Critical Security Vulnerability Affecting Azure Automation Service

Microsoft has addressed a new critical security vulnerability in its Azure Automation service. The exploit labeled “AutoWarp” was mitigated in December 2021, and the company confirmed that it could enable malicious actors to get access to the data and resources of other Azure customers.

The cross-tenant vulnerability was first discovered by a researcher at Orca Security and reported to Microsoft on December 6, 2021. Essentially, the AutoWarp flaw allows threat actors to access the Managed Identities tokens of other tenants.

“Someone with malicious intentions could’ve continuously grabbed tokens, and with each token, widen the attack to more Azure customers,” explained Yoav Alon, CTO at Orca Security. “This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer.”

Microsoft Azure Automation is a popular service that lets organizations create, deploy, monitor, as well as maintain their cloud resources. It helps users save time and resources by making it easier to automate their repetitive management tasks. The Azure Automation service provides several features and capabilities such as process automation, configuration, and update management.

Microsoft patched the AutoWarp security flaw in December 2021

The AutoWarp security flaw potentially exposed several Azure customers, and the list includes accounting firms, a banking conglomerate, a global telecom company, car manufacturers, and more. The Redmond giant released a patch on December 10 that fixed the security flaw by preventing unauthorized access to authorization tokens to all sandbox environments.

Microsoft claims that it has not found any evidence that these tokens have been exploited by threat actors in malicious attacks. However, all Azure Automation service users that may have been affected by the AutoWarp vulnerability have been notified, and the company is recommending customers follow the security guidelines available on this support page.

by Rabia Noureen
Last Update: Mar 10, 2022
Mar 8, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Top Azure Cloud Security Controls to Understand

Oct 31, 2023
Jan 08, 2024
Making Microsoft Azure Penetration Testing Work to Combat Threats

Nov 21, 2023
Azure VMware Solution – Maximizing Security and Control with Customer-Managed Keys

Oct 3, 2023
Oct 10, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.