Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Warns IT Admins to Block Shared Key Access in Azure Storage Accounts

Security researchers have discovered a design flaw in Microsoft Azure. The vulnerability could enable threat actors to get access to storage accounts and gain full control of the environment.

According to Orca Security researchers, the design flaw exists in a mechanism known as Shared Key authorization. Shared Key authorization is enabled by default while creating storage accounts, and it can be exploited easily.

Microsoft claims that Azure automatically generates two 512-bit storage account access keys while setting up a storage account. The access keys, which are utilized for granting data access, have a total length of 512 bits. The data access can be provided either via Shared Key authorization or with SAS tokens signed with the shared key.

Orca Security found that threat actors could manipulate Azure Functions to steal access tokens of highly privileged identities. This means that a hacker who gains access to the Storage Account Contributor role could potentially access sensitive business assets, and execute remote code (RCE) on virtual machines.

“At this point stealing credentials and Escalating Privileges, as scary as it may sound, is fairly easy. Once an attacker locates the Storage Account of a Function App that is assigned with a strong managed identity, it can run code on its behalf and as a result acquire a subscription privilege escalation (PE),” Orca Security explained.

Microsoft Warns IT Admins to Disable Shared Key Access in Azure Storage Accounts

Microsoft: Shared Key authorization is a “by-design flaw” in Azure Storage accounts

The Microsoft Security Response Center investigated the problem and concluded that it’s a design flaw rather than a security issue. Microsoft recommends that IT admins should disable Azure Shared Key authorization and switch to Azure Active Directory authentication instead.

Microsoft also plans to disable shared access signature authorization by default for new storage accounts. However, there is currently no information available on the timeline for this update. Meanwhile, Microsoft recommends IT admins to learn more about how to use identity-based authorization for Azure Storage accounts.

by Rabia Noureen
Apr 12, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
Five Tactics Towards Achieving Zero Trust with Azure Active Directory

Aug 29, 2023
Feb 01, 2024
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.