Microsoft Patches Critical XSS Flaws in Azure HDInsight Analytics Service


Key takeaways:

  • Eight critical cross-site scripting (XSS) vulnerabilities were identified in Microsoft’s Azure HDInsight service, posing potential threats to data security and user privacy.
  • Security researchers identified inadequate input sanitization and output encoding as the root causes of these vulnerabilities.
  • Microsoft released patches for these vulnerabilities in the August Patch Tuesday updates. Organizations are also advised to follow security best practices, including input validation, output encoding and the principle of least privilege.

Microsoft has recently patched eight cross-site scripting (XSS) vulnerabilities impacting Azure HDInsight. These vulnerabilities could have allowed unauthorized access, session hijacking, and the deployment of malicious code.

Azure HDInsight is a fully managed service that lets organizations use open-source frameworks for big data analytics, management, and processing. Customers can use these frameworks to create optimized clusters for Apache Spark, Apache Kafka, Hadoop, HBase, and Interactive Query (LLAP) on Microsoft Azure. The service integrates with Azure Monitor logging so that IT admins can monitor their HDInsight clusters.

In a recent report, Orca Security published details about eight critical vulnerabilities in various Apache services bundled with Azure HDInsight. These were cross-site scripting (XSS) vulnerabilities that could be exploited to hijack web sessions and steal user data. Cross-site scripting (XSS) is a class of attack that lets an attacker execute malicious script within a victim’s browser.

“All 8 XSS vulnerabilities discovered in various platforms and components in Azure HDInsight primarily resulted from the lack of proper input sanitization. This omission allowed malicious characters to be rendered once the dashboard was loaded, demonstrating inadequate output encoding that fails to neutralize these characters when rendered,” Orca explained.

How can IT admins reduce exposure to XSS vulnerabilities?

Last month, Microsoft released the August Patch Tuesday updates to address these security flaws. However, customers need to update their Azure HDInsight instances for the security patches to take effect.

Organizations are strongly advised to follow security best practices to block XSS attacks in corporate environments. These include performing input validation and output encoding, implementing a Content Security Policy (CSP), and applying the principle of least privilege.
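The root cause Orca describes, a dashboard that renders cluster-supplied values without output encoding, can be illustrated with the two renderer patterns below. This is an added example, not code from the article, Orca, or Microsoft; the job-name input and the CSP header are constructed for illustration.

```javascript
// Encode the five characters that break out of an HTML text or attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the value is trusted and dropped into markup unchanged,
// so any markup inside it is rendered by the browser when the page loads.
function renderRowUnsafe(jobName) {
  return `<td class="job">${jobName}</td>`;
}

// Hardened pattern: every untrusted value is encoded at the point of output,
// so the browser shows the characters as text instead of interpreting them.
function renderRowSafe(jobName) {
  return `<td class="job">${escapeHtml(jobName)}</td>`;
}

// Check used by the tests below: does the rendered cell still contain an
// unencoded character that could open a tag or terminate an attribute?
function containsRawMarkup(html) {
  const inner = html.slice('<td class="job">'.length, -"</td>".length);
  return /[<>"']/.test(inner);
}

// Constructed example of a hostile value a cluster dashboard might display.
const CONSTRUCTED_JOB_NAME = "<script>alert('xss')</script>";

// Defence in depth (assumed policy, adjust per application): if encoding is
// missed somewhere, a restrictive CSP still blocks inline script execution.
const CSP_HEADER =
  "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'";

console.log(renderRowUnsafe(CONSTRUCTED_JOB_NAME)); // markup survives intact
console.log(renderRowSafe(CONSTRUCTED_JOB_NAME));   // markup is neutralized
console.log(CSP_HEADER);
```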