On Sept. 8, Microsoft announced that it had fixed a vulnerability in Azure Container Instances (ACI) that could have let users access other customers' information in the ACI. ACI allows a developer to deploy containers without orchestration.
- The vulnerability dubbed "Azurescape" was identified by researchers from Palo Alto Networks.
- Microsoft has stated that there is no indication any customer data was accessed due to the vulnerability.
- It has also advised customers who received notifications to revoke privilege credentials deployed before Aug. 31 as a precautionary measure.
- Separate but related: ChoasDB, another vulnerability in Azure's Cosmos DB that could have been used to read, write and delete data to any Cosmos DB instance on Azure, was discovered by Wiz.