Numerous “ExtraReplica” Bugs In Microsoft Azure Exposed Databases

Researchers have reported multiple bugs dubbed “ExtraReplica” affecting Microsoft Azure. Exploiting the vulnerabilities could allow an adversary to access user databases. Microsoft patched the bugs in time following the bug report.

Microsoft Azure ExtraReplica Bugs

Researchers from Wiz discovered how some Azure vulnerabilities exposed user databases. Collectively named “ExtraReplica”, the bugs existed in the Azure Database for PostgreSQL Flexible Server.

Specifically, PostgreSQL is a fully-managed open-source Database-as-a-Service from Azure, offering “dynamic scalability and simplified developer experience.” It boasts a vast customer base, including multiple large organizations.

Briefly, the researchers highlighted two different bugs that could allow chained exploitation.

The first one included a privilege escalation vulnerability in PostgreSQL, allowing superuser access to the target instances. Hence, an adversary could exploit this bug to execute OS-level commands on the target instance.

Then, while investigating this privilege escalation vulnerability, the researchers noticed that they could also access other customers’ instances. That’s where they noted a second vulnerability that allowed cross-account authentication bypass using a forged certificate.

The researchers have explained the technical details of the vulnerabilities in a recent blog post. Besides, they have also demonstrated the exploit in a video.

Microsoft Deployed The Fix

After discovering the vulnerabilities, the researchers contacted Microsoft to report the matter. They appreciate the tech giant for promptly addressing the issue and deploying quick fixes.

Microsoft has also confirmed patching the vulnerabilities via a separate post. They also explained the impact of the bugs, stating,

All Flexible Server Postgres servers deployed using the public access networking option were impacted with this security vulnerability. Customers using the private access networking option were not exposed to this vulnerability. The Single Server offering of Postgres was not impacted.
Our analysis revealed no customer data was accessed using this vulnerability. Azure updated all Flexible Servers to fix this vulnerability.

The firm also explained that receiving the patches requires no action from the customers. Besides, for additional security, Microsoft recommends customers enable private network access when setting up Flexible Server instances.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients