Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public cloud."

An attacker exploiting the weakness could execute malicious commands on other users' containers, steal customer secrets and images deployed to the platform. The Windows maker did not share any additional specifics related to the flaw, save that affected customers "revoke any privileged credentials that were deployed to the platform before August 31, 2021."


Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators.

Palo Alto Networks' Unit 42 threat intelligence team dubbed the vulnerability "Azurescape," referring to how an attacker can leverage the cross-tenant technique to escape their rogue ACI container, escalate privileges over a multitenant Kubernetes cluster, and take control of impacted containers by executing malicious code.

Breaking out of the container, the researchers said, was made possible due to an outdated container runtime used in ACI (runC v1.0.0-rc2), thereby making it possible to exploit CVE-2019-5736 (CVSS score: 8.6) to escape the container and get code execution with elevated privileges on the underlying host.

Microsoft said it notified select customers with containers running on the same Kubernetes cluster as that of the malicious container created by Palo Alto Networks to demonstrate the attack. The cluster is said to have hosted 100 customer pods and about 120 nodes, with the company stating it had no evidence bad actors had abused the flaw to carry out real-world intrusions, adding its investigation "surfaced no unauthorized access to customer data."


The disclosure is the second Azure-related flaw to come to light in a span of two weeks, the first one being a critical Cosmos database flaw that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization.

"This discovery highlights the need for cloud users to take a 'defense-in-depth' approach to securing their cloud infrastructure that includes continuous monitoring for threats — inside and outside the cloud platform," Unit 42 researchers Ariel Zelivanky and Yuval Avrahami said. "Discovery of Azurescape also underscores the need for cloud service providers to provide adequate access for outside researchers to study their environments, searching for unknown threats."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.