Microsoft has sent out a patch for a vulnerability in its Azure PostgreSQL service. According to researchers who published an advisory on the “ExtraReplica” flaw, it could allow a threat actor to exploit the bug and execute malicious code to take over a system.
Found by the security firm Wiz Research, the ExtraReplica flaw in Azure PostgreSQL is a database vulnerability. In an advisory published this week, the team says the bug could leave to exploit on Microsoft Azure cloud services.
“This vulnerability allows unauthorized read access to other customers’ PostgreSQL databases, bypassing tenant isolation. If exploited, a malicious actor could have replicated and gained read access to Azure PostgreSQL Flexible Server customer databases.”
According to the researchers, ExtraReplica is a “chain” of flaws in PostgreSQL that an attacker could exploit to bypass the tenant isolation in Azure. The base of an attack would be exploiting a vulnerability that attackers could exploit and gain access to PostgreSQL databases without needing authorized access.
Attack
When the threat actor picks a Flexible Server to attack on PostgreSQL, they will need to find the relevant Azure region for the victim. This can be done by matching the database domain name to the Azure public IP.
The attacker then creates a database in the same region as the target system. One of the vulnerabilities allows the attacker to create superuser privileges that allow them to execute code. The next flaw is in the certificate authentication which allows the attack to replicate it to gain wider access.
Microsoft has known about the bug since January and was able to replicate the flaw. Wiz was given a $40,000 bug bounty for finding the vulnerability and Microsoft rolled out a fix back on February 25. Microsoft says there have been no recorded exploits in the wild.
Tip of the day: Do you sometimes face issues with Windows search where it doesn’t find files or return results? Check our tutorial to see how to fix Windows search via various methods.