Microsoft Azure ‘ExtraReplica’ Vulnerability: Here’s What MSSPs Need to Know

Credit: Getty Images

Wiz, a cloud security company launched by Microsoft veterans, had discovered an Azure vulnerability that allows malicious actors to replicate and gain read access to PostgreSQL Flexible Server customer databases. The company originally disclosed the vulnerability, dubbed “ExtraReplica,” to Microsoft in January 2022.

To exploit ExtraReplica, a malicious actor can:

  1. Choose a target PostgreSQL Flexible Server.
  2. Retrieve their target’s common name from the Certificate Transparency feed and purchase a specially crafted certificate from DigiCert or a DigiCert Intermediate Certificate Authority.
  3. Locate their target’s Azure region by resolving the database domain name and matching it to an Azure public IP range and creating an attacker-controlled database in their target’s Azure region.
  4. Exploit the vulnerability to escalate privileges across an instance or scan a subnet for a target instance to gain read access.

Microsoft confirmed that ExtraReplica has been mitigated and no action is required by Azure customers. In addition, Microsoft indicated it is not aware of any attempts to exploit the vulnerability.

Wiz Raises $250 Million in Funding, Valued at $6 Billion

The ExtraReplica discovery comes after Wiz in October 2021 received $250 million in a Series C funding round and at a $6 billion valuation. Wiz is using the funding to expand its global workforce and operations, the company indicated.

Wiz offers a cloud security platform that organizations can use to perform risk assessments across their entire security stack. It has earned “tens of millions” of dollars in revenue to date, CEO Assaf Rappaport told Bloomberg, and looks poised to capitalize on a growing global cloud security services market.

Meanwhile, Wiz currently partners with Amazon Web Services (AWS), Microsoft and Google Cloud Platform. As Wiz expands, it may explore new partnership opportunities and promote its platform to MSPs and MSSPs that offer multi-cloud security services.

Cloud Security Posture Management (CSPM) for MSPs and MSSPs

Meanwhile, MSPs and MSSPs focused on cloud workloads must navigate more than vulnerabilities. Another key risk area involves customers misconfiguring their cloud workloads.

Amid that backdrop, the Cloud Security Posture Management (CSPM) Market is surging, expected to more than double from $4.2 billion in 2022 to $8.6 billion by 2027 at a CAGR (compound announce growth rate) of 15.3%, a new market assessment said.

CSPM tools allow managed security services providers (MSSPs) and end-customers to monitor and properly configure Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and other public cloud workloads. Misconfiguration affects organizations of all sizes and can result in significant financial losses.

The segment is one of the fastest growing cybersecurity services and solutions offered by MSSPs with the services component’s growth expected to exceed that of the entire market, according to a report by MarketsandMarkets. In fact, more than 40 percent of MSSP Alert’s TOP 250 MSSP for 2021 survey participants offer CSPM to the end user customers.

Return Home

No Comments

Leave a Reply

Your email address will not be published.