The list covers a wide range of Microsoft products including Hyper-V, Azure Data Studio, Microsoft Edge, Microsoft Office, Microsoft Teams for Android, Windows Kernel, and many more.
Orca has discovered three new vulnerabilities within various Azure HDInsight third-party services, including Apache Hadoop, Spark, and Kafka. These services are integral components of Azure HDInsight, a widely used managed service offered within the Azure ecosystem. Two of the vulnerabilities could have led to Privilege Escalation (PE) and one could have been used to cause […]
Feb 06, 2024NewsroomVulnerability / Cloud Security Three new security vulnerabilities have been discovered in Azure HDInsight’s Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. “The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie,” […]
Users are advised to avoid exposing Azure CLI output in logs, regularly rotate keys and secrets, and review best practices for securing Azure Pipelines and GitHub Actions to prevent accidental exposure of sensitive information.
New virtual machines for Microsoft Azure allow developers to create generative AI apps that can be scaled to work with thousands of Nvidia H100 GPUs. The ND H100 v5 VM series on Azure, which works in tandem with Quantum-2 InfiniBand networking, boosts the performance of large-scale deployments by companies such as OpenAI, creators of the […]