Azure Storage Utility Vulnerability Let Attackers Escalate Their Privileges to Root

A critical security vulnerability in AZNFS-mount, an Azure utility, allows attackers to escalate privileges from an unprivileged user to root on Linux machines. The security flaw involves a classic privilege escalation method using a Set User ID (SUID) binary that is part of the AZNFS-mount utility installation, Varonis said in a report shared with Cyber Security News.

Azure Blob Storage, one of Microsoft’s most popular cloud storage solutions, supports various access methods, including REST API, SFTP, and NFS protocol. It’s important to note that access via NFS doesn’t interoperate with other Azure Storage permission models, such as role-based and attribute access controls. The AZNFS-mount utility is designed to mount Azure Storage Account NFS endpoints, enabling users to reliably access Azure Blob storage via NFS when endpoint IP addresses change. AZNFS Mount is installed using an installation script (aznfs_install.sh) that runs as the root account, creating binaries that operate with superuser privileges to establish mount points and modify DNAT rules.

The vulnerability lies in the mount.aznfs binary, which is installed with SUID permissions and uses an insecure C function that can be exploited to execute arbitrary commands with root privileges. The binary is packaged with the 4755 file mode, meaning the SUID bit is set and anyone can execute it. “When users execute ‘mount -t aznfs’, this runs the vulnerable binary ‘mount.aznfs’, which calls a script to create the mount point,” explained Varonis researchers in their disclosure published earlier this week. This allows attackers to execute arbitrary commands as root, potentially enabling them to mount additional storage containers, install malware, or move laterally through networks and cloud environments.

Azure customers using Azure HPC images or utilizing NFS for Azure Storage should immediately enable the utility’s auto-update feature or manually update to the latest version. Organizations using Azure storage should review their security configurations regularly and maintain updated utilities to prevent potential exploitation of vulnerabilities like this one.
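As an added example (not from the article, Varonis or Microsoft), this shell audit flags mount helpers that carry the permission combination described above: the SUID bit together with world-execute, as in mode 4755. The function names, the `mount.*` pattern and the directories passed in are assumptions, and it relies on the `find` and `stat` shipped with Linux.

```shell
#!/bin/sh
# Added example: flag set-UID, world-executable mount helpers.
# Needs GNU (or BusyBox) find and stat, as found on Linux.

# suid_helpers PATTERN DIR...
# Print "owner mode path" for each regular file whose name matches
# PATTERN and whose mode has both set-UID (04000) and world-execute
# (0001) set. Mode 4755 matches; 0755 and 4750 do not.
suid_helpers() {
    pattern=$1; shift
    find "$@" -xdev -type f -name "$pattern" -perm -4001 \
        -exec stat -c '%U %a %n' {} + 2>/dev/null
}

# audit PATTERN DIR...
# Print one finding per match. Return 1 if anything matched, else 0.
audit() {
    findings=$(suid_helpers "$@")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | while read -r owner mode path; do
        if [ "$owner" = root ]; then
            echo "HIGH: $path mode $mode runs as root for any local user"
        else
            echo "WARN: $path mode $mode runs as $owner for any local user"
        fi
    done
    return 1
}

# Example: sh suid_audit.sh 'mount.*' /sbin /usr/sbin
# (pattern and directories are assumptions; adjust to the host).
[ "$#" -eq 0 ] || audit "$@"
```

A match shows only the permission combination; it does not tell you whether the installed utility is the updated version.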

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 09 May 2025 03:05:00 +0000

