
Azure Stack Remote Code Execution Vulnerability - jrudolph
https://www.forbes.com/sites/zakdoffman/2020/01/30/severe-perfect-100-microsoft-flaw-confirmed-this-is-a-cloud-security-nightmare/
======
jrudolph
The article links to [https://portal.msrc.microsoft.com/en-US/security-
guidance/ad...](https://portal.msrc.microsoft.com/en-US/security-
guidance/advisory/CVE-2019-1372) and [https://portal.msrc.microsoft.com/en-
US/security-guidance/ad...](https://portal.msrc.microsoft.com/en-US/security-
guidance/advisory/CVE-2019-1234)

These CVEs only mention Azure Stack, while the Article suggests Microsoft
acknowledged the flaws had also affected Azure public cloud:

> Check Point did not attack the cloud itself, but used the offline Azure
> Stack, a near perfect replica of the cloud environment. With the
> vulnerabilities detected, they then confirmed with Microsoft that the same
> ones would apply to the cloud itself. Yes, said Microsoft, patching the
> holes and paying Check Point a bounty.

