Microsoft Alert: Serious Flaw in Azure Container Instances
'Azurescape' Container Escape Technique Could Expose Azure Container Instances
Microsoft has disclosed details of a vulnerability that researchers at Palo Alto Networks have named "Azurescape" because the attacks start from a container escape technique. The flaw affects Microsoft's Azure Container Instances service and "could potentially allow a user to access other customers' information in the ACI service," Microsoft says.
Microsoft adds that its initial investigation found no instance of unauthorized access to customer data by exploiting this vulnerability. It says that potential customers who share the same clusters as the researchers who reported the vulnerability have been notified through the Service Health Notifications in their respective Azure.
Microsoft says the vulnerability has been fixed from its end and does not require any action from the user's side. As a precautionary measure, however, Microsoft advises its users to "revoke any privileged credential(s) that were deployed to the platform before Aug. 31."
The Azurescape Vulnerability
The container instances flaw was first discovered and reported to Microsoft in July by cybersecurity firm Palo Alto Networks under its Coordinated Vulnerability Disclosure program.
Palo Alto Networks' blog gives an overview of the Azurescape vulnerability, saying, "It's possible the vulnerability existed from ACI's inception, so there is a chance that some organizations were affected." It also confirmed that the flaw even affected the ACI containers in Azure Virtual Networks.
"ACI is built on multitenant clusters that host customer containers. Originally those were Kubernetes clusters, but over the past year Microsoft started hosting ACI on Service Fabric clusters as well. Azurescape only affects ACI on top of Kubernetes," Palo Alto Networks says.
Yuval Avrahami, the Unit 42 cloud researcher at Palo Alto Networks who discovered Azurescape, tells Information Security Media Group that "Azurescape is a three-step attack. The first step was exploiting a known vulnerability - an infamous 2019 vulnerability in runC [the industry-standard container runtime], tagged under CVE-2019-5736."
Avrahami discovered and authored the CVE-2019-5736 flaw while doing other research at Palo Alto Networks and decided to use this exploit when he saw that the runC version used in Microsoft's ACI was the same vulnerable v1.0.0-rc2. "Once we deployed the exploit to the ACI, we successfully broke out of our container and gained a reverse shell running as root on the underlying host, which turned out to be a Kubernetes node," he says.
The next two steps in the attack involve gaining administrative privileges over a multitenant Kubernetes cluster and then taking control of the affected containers by executing malicious code, Avrahami says.
Palo Alto Networks has demonstrated the attack in a video, and the security research duo of Avrahami and Ariel Zelivanky summarizes the technical steps as follows:
- First, deploy an image exploiting CVE-2019-5736 to ACI. The malicious image breaks out upon execution and establishes code execution on the underlying node.
- On the node, monitor traffic on the Kubelet port - port 10250 - and wait for a request that includes a JWT token in the Authorization header.
- Issue az container exec to run a command on the uploaded container. The bridge pod will now send an exec request to the Kubelet on the compromised node.
- On the node, extract the bridge token from the request's Authorization header and use it to pop a shell on the api-server.
Another method the researchers found to gain admin-level privileges over the cluster is through a server-side request forgery vulnerability in the bridge pod. In a separate video, the researchers say that this method has the same level of impact as the one described above.
To mitigate similar, as yet unknown, future threats, Microsoft says its Azure customers should follow the security best practices prescribed in its Azure Container Instances Security Baseline and Considerations guidance documents. Microsoft also strongly recommends revoking privileged credentials on a regular basis and following security notifications on its Service Health channel.
Palo Alto Networks recommends the following measures to avoid similar future attacks on Kubernetes environments:
- Keep cluster infrastructure up to date with latest patches.
- Do not send privileged service account tokens to anyone but the api-server. If a recipient of this token is compromised, an attacker can pretend to be the token owner.
- Enable the BoundServiceAccountTokenVolume feature to ensure token expiration is bound to its pod. Using this feature, the token is no longer valid if the pod terminates, reducing the chances of token theft.
- Deploy policy enforcers to monitor and prevent suspicious activity in your clusters.
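As an added illustration of the second and third recommendations above (not code from the article, Palo Alto Networks or Microsoft), the Python helper below inspects a Kubernetes service account token's claims and reports whether it is a legacy, non-expiring token or a bound token tied to a pod, which is what the BoundServiceAccountTokenVolume feature issues. The sample tokens, the namespace example-ns and the account bridge-sa are constructed here for the demonstration.

```python
import base64
import json
import time
from typing import Optional

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(seg: str) -> bytes:
    # Restore the padding that JWT segments drop.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_unsigned_jwt(claims: dict) -> str:
    # Builds a JWT with a dummy signature for the constructed samples below only.
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"

def audit_sa_token(token: str, now: Optional[float] = None) -> dict:
    """Classify a service account token by its claims (payload only, unverified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = json.loads(_unb64url(parts[1]))
    now = time.time() if now is None else now
    k8s = claims.get("kubernetes.io", {})
    has_exp = "exp" in claims
    return {
        "serviceaccount": k8s.get("serviceaccount", {}).get("name")
            or claims.get("kubernetes.io/serviceaccount/service-account.name"),
        # A bound token expires and names its pod; a legacy secret-based token
        # has neither, so a stolen copy stays valid until it is manually revoked.
        "bound": has_exp and "pod" in k8s,
        "expired": has_exp and claims["exp"] <= now,
        "audience": claims.get("aud"),
    }

NOW = 1_630_000_000  # fixed clock so the constructed samples are reproducible
LEGACY_TOKEN = make_unsigned_jwt({  # constructed: legacy, non-expiring token
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "example-ns",
    "kubernetes.io/serviceaccount/service-account.name": "bridge-sa",
    "sub": "system:serviceaccount:example-ns:bridge-sa",
})
BOUND_TOKEN = make_unsigned_jwt({  # constructed: bound, pod-scoped token
    "iss": "https://kubernetes.default.svc", "aud": ["https://kubernetes.default.svc"],
    "iat": NOW, "exp": NOW + 3600, "sub": "system:serviceaccount:example-ns:bridge-sa",
    "kubernetes.io": {"namespace": "example-ns", "pod": {"name": "bridge-0", "uid": "u1"},
                      "serviceaccount": {"name": "bridge-sa", "uid": "u2"}},
})
```

The helper only decodes the payload; it does not verify the signature, so use it to audit tokens you already hold, not to authenticate anything.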
"Microsoft acknowledged the vulnerabilities [and both methods of attack] we discovered in its code, and the patch was applied to all of ACI's clusters," Avrahami tells ISMG.
Microsoft declined to provide further technical details about the Azurescape vulnerability when asked by ISMG. Avrahami was rewarded with two bug bounties of undisclosed sums for this discovery, a Palo Alto Networks spokesperson confirmed.
Another Azure-Related Flaw
This is the second instance in two weeks in which Microsoft has acknowledged findings of a major flaw in an Azure product. In August, Microsoft disclosed an Azure Cosmos DB takeover vulnerability that it said affected 30% of Azure customers (see: Azure Database Service Flaw Could Affect Thousands of Firms).
Referring to the two instances, Kevin Beaumont, head of the security operations center at U.K. fashion retailer Arcadia, tweeted that Microsoft's "security threat model appears to be hope only good guys who report vulnerabilities abuse the system, as bad guys wouldn't report it."
Kevin Beaumont (@GossiTheDog), September 8, 2021: "Another Azure container issue. The security threat model appears to be hope only good guys who report vulns abuse the system, as bad guys wouldn't report it." https://t.co/M8PCh6uT1P