Azure Updates: Container Instances vulnerability; On-demand capacity reservations; Open Infrastructure Foundation

September 17 2021

Microsoft announced that it mitigated a vulnerability in Azure Container Instances which could have allowed users to access the data of other customers through the service. The MSRC team wrote:

Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal. If you did not receive a notification, no action is required with respect to this vulnerability.

For organizations that did receive a notification, Microsoft recommends revoking privileged credentials deployed before August 31.

Microsoft announced internally that its US Federal team will be moved under EVP Jason Zander, and will begin to operate as its own subsidiary after October 1.

The Open Infrastructure Foundation added Microsoft as a new member. Through the partnership, the two organizations will collaborate on 5G and hybrid cloud. Coming on the heels of Microsoft's 5G partnership with AT&T, the new partnership is accompanied with data indicating that 40 percent of OpenStack users are relying on Azure. "Microsoft is joining this effort to support building the next decade of open infrastructure technology because hybrid cloud is an important element of our technology portfolio. We believe in a variety of clouds: public and private, from hyperscale to edge, each tuned to the unique workloads that our customers need to deliver and we can’t do it without open source. We are here at the OpenInfra Foundation to participate in the community and work together to build and integrate open source technologies to deliver carrier-grade Microsoft Azure for Operators infrastructure," stated Ryan van Wyk, Partner Software Engineering Manager for Azure for Operators at Microsoft.

About MSCN Reporter

More about MSCN Reporter