Josh Angell, managing consultant at nVisium, added that since it’s actually based on a two-year-old vulnerability with a patch, he considers Azurescape a lesson learned in the importance of updating services and libraries so that they run the latest versions with all of their security patches. Angell said it’s imperative for security teams to ensure they update their services and libraries — which was done quickly once this issue became known.

“It’s a well-known tactic that attackers most often identify older versions of services and libraries to research vulnerabilities within those outdated services, making it easier to gain a foothold into the system,” Angell said. “While the situation may be unprecedented, it’s not unprecedented to gain a foothold into a cluster in this manner given it’s a vulnerability that’s existed for over two years.”
