Microsoft has contradicted a Tenable report describing a high-severity vulnerability within Azure Service Tags that could be exploited to facilitate Azure service spoofing and firewall rule bypass, emphasizing service tags' purpose as routing mechanisms that should be used along with validation controls, according to BleepingComputer.
"Service tags are not a comprehensive way to secure traffic to a customer's origin and do not replace input validation to prevent vulnerabilities that may be associated with web request," said Microsoft.
However, such an issue — which also affects Azure DevOps, Azure API Management, Azure Machine Learning, and seven other Azure services — was noted by Tenable researcher Liv Matan to be potentially leveraged by threat actors to compromise private data from Azure clients.
"When configuring Azure services' network rules, bear in mind that Service Tags are not a watertight way to secure traffic to your private service. By ensuring that strong network authentication is maintained, users can defend themselves with an additional and crucial layer of security," said Matan.
