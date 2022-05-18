Tenable boss accuses Microsoft of putting Azure customer safety at risk
Microsoft has been accused of a lack of transparency in its vulnerability practices, with the security outfit Tenable claiming these practices put the software giant's customers at risk.
Tenable chairman and chief executive Amit Yoran said in a blog post that his company had discovered two flaws, one of which it considered critical, in Microsoft's Azure platform, both in the Synapse Analytics part of Azure.
Synapse Analytics is used for machine learning, data aggregation and similar computational tasks.
One of these flaws was a privilege escalation flaw with the context of a Spark VM. The second allowed the poisoning of the hosts file on all nodes in a Spark pool.
Yoran wrote that Microsoft decided to silently patch the privilege escalation flaw, while downplaying the risk. "It was only after being told that we were going to go public, that their story changed… 89 days after the initial vulnerability notification… when they privately acknowledged the severity of the security issue. To date, Microsoft customers have not been notified," he added.
-
- Login or register to post comments
- Printer-friendly version
- 222 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
IPFire Linux Firewall Distro Improves Its Intrusion Prevention System and Security
IPFire 2.27 Core Update 168 is here one and a half months after the Core Update 167 release to further improve the Intrusion Prevention System (IPS) of the Linux firewall distro by allowing users to individually enable the monitoring mode for each ruleset provider, making parsing and restructuring of changed or updated rulesets faster, as well as support for the downloader to automatically check if a ruleset was updated or not on its providers’ server.
today's leftovers
Programming Leftovers
Security Leftovers
Recent comments
1 min ago
4 hours 17 min ago
4 hours 18 min ago
6 hours 30 min ago
7 hours 23 min ago
9 hours 2 min ago
12 hours 18 min ago
12 hours 32 min ago
12 hours 34 min ago
13 hours 6 min ago