
Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Summary

On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path traversal vulnerability, posed potential risks for information exposure and service disruption via Denial-of-Service (DoS). We conducted a thorough internal investigation to identify any exploitation or compromise of customer resources using these vulnerabilities, and our review uncovered no evidence of exploitation or compromise.

We are disclosing these vulnerabilities in line with our commitment to trust and transparency. This update is for your awareness only; no action is required from customers.

The Vulnerabilities

Microsoft was alerted to the SSRF vulnerabilities by Wiz and Tenable in April 2024. Action by engineering teams led to swift deployment of mitigations by May 9, 2024.

These vulnerabilities could have allowed a caller to make the service's HTTP client send unauthorized requests, potentially including requests to internal IP addresses. Those internal IPs could reach AML's internal Kubernetes infrastructure and expose backend metadata, such as network and pod information, that could be used to disrupt AML service operations. Despite existing security measures, the vulnerabilities bypassed certain validations, highlighting the need for enhanced security controls.

Mitigation

The SSRF attack vector was effectively blocked on May 9, 2024, with the implementation of strict verification of client inputs and HTTP redirects. As part of our ongoing security efforts, we are also evaluating all service-to-service network traffic and will be applying stricter controls on intra-network communication. More broadly, we are also working to enhance defense-in-depth to help other users by collaborating with partner open-source software teams to make it harder to request unauthorized actions without additional metadata.
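The two controls named above, verifying client-supplied destinations and verifying HTTP redirects, are the standard shape of an SSRF defense. The following is an added example written for this page; it is not Microsoft's or the AML service's code and assumes nothing about how the service implements its checks. It resolves the host of a client-supplied URL (including IP literals and IPv4-mapped IPv6 literals), rejects the request if any resolved address is not globally routable, and follows redirects by hand so that every hop is re-validated instead of letting the HTTP library follow a redirect into an internal address. The hostnames, addresses and responses in `FAKE_DNS` and `FAKE_RESPONSES` are constructed stand-ins so the example runs offline; nothing is contacted.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def resolve_host(host):
    """Default resolver: every address the system DNS returns for host."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_address(ip):
    """True for any address the service must never contact on a client's behalf."""
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:a.b.c.d hides an IPv4 target
    if mapped is not None:
        ip = mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified or not ip.is_global)


def destination_allowed(url, resolver=resolve_host):
    """Validate a client-supplied URL before any request is made.

    Returns (allowed, reason). Every resolved address is checked, so a name
    with one public and one internal record is still rejected.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        addresses = [ipaddress.ip_address(parts.hostname)]  # IP literal
    except ValueError:  # a name: resolve it and check every record
        try:
            addresses = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
        except (OSError, ValueError):
            return False, "resolution failed"
    if not addresses:
        return False, "no address"
    for ip in addresses:
        if is_blocked_address(ip):
            return False, f"{ip} is not a public address"
    return True, "ok"


def fetch_checked(url, fetcher, resolver=resolve_host):
    """Fetch url, following redirects by hand so each hop is re-validated.

    fetcher(url) -> (status, headers, body). Returns ((status, body), "ok"),
    or (None, reason) when a hop is blocked or the redirect limit is hit.
    """
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        allowed, reason = destination_allowed(current, resolver)
        if not allowed:
            return None, f"blocked {current}: {reason}"
        status, headers, body = fetcher(current)
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if status in REDIRECT_STATUSES and location:
            current = urljoin(current, location)  # relative Location resolves against this hop
            continue
        return (status, body), "ok"
    return None, "too many redirects"


# Constructed offline stand-ins (no real hosts are contacted) so the example runs anywhere.
FAKE_DNS = {
    "api.example.com": ["8.8.8.8"],                 # routable stand-in
    "internal.example": ["10.0.0.5"],
    "split.example": ["8.8.4.4", "10.0.0.9"],       # one public and one internal record
}
FAKE_RESPONSES = {
    "https://api.example.com/data": (200, {"Content-Type": "text/plain"}, b"payload"),
    "https://api.example.com/jump": (302, {"Location": "http://10.0.0.5/pods"}, b""),
    "https://api.example.com/relative": (307, {"Location": "/data"}, b""),
}


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise OSError("no such host")
    return FAKE_DNS[host]


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, {}, b""))


if __name__ == "__main__":
    for u in ["https://api.example.com/data", "http://10.0.0.5/pods",
              "http://[::ffff:10.0.0.5]/", "https://split.example/", "file:///tmp/notes.txt"]:
        print(u, destination_allowed(u, fake_resolve))
    print(fetch_checked("https://api.example.com/jump", fake_fetch, fake_resolve))
```

One caveat a practitioner would want: resolving the name in the validator and again inside the HTTP client leaves a window for DNS rebinding between the two lookups. In production, connect to the address that was validated (or validate inside the client's connect hook) rather than handing the hostname back to the client, and keep the manual redirect loop so the same rule applies to every hop.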

Conclusion

We value the opportunity to collaborate with Wiz and Tenable and encourage all researchers to work with vendors under Coordinated Vulnerability Disclosure (CVD) and abide by the rules of engagement for penetration testing to avoid impacting customer data while conducting security research. Researchers who report security issues to the Microsoft Security Response Center are also eligible to participate in Microsoft's Bug Bounty Program.

Microsoft follows CVD, which systematically and responsibly manages the discovery, reporting, and remediation of security vulnerabilities. CVD allows us to collaborate with researchers and the wider security community in a way that prioritizes user security and system integrity. By following a coordinated approach, we can work with researchers to ensure that potential vulnerabilities are addressed before they’re made public, reducing the risk of exploitation and fostering a secure and transparent ecosystem.
