Researchers have disclosed two flaws in Microsoft s Azure web hosting application service, App Services, which if exploited could enable an attacker to take over administrative servers. Researchers found two vulnerabilities in the cloud service that specifically affect Linux servers. Microsoft has since issued a fix. The vulnerabilities do not have CVE assignments, researchers said. The first flaw stems from an open-source project called KuduLite within the service. This Linux project manages the administration page that’s used to register admins into the App Service Plan.
Source: https://threatpost.com/microsoft-azure-flaws-servers-takeover/159965/