high

Burning Data with Malicious Firewall Rules in Azure SQL

Published Tue, Apr 15th, 2025

Platforms

azure

Summary

Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via T-SQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.

Affected Services

Azure SQL Server

Remediation

None required. Microsoft has fully patched the vulnerability as of April 09, 2025.

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Mon, Aug 5th, 2024

Exploitability Period

Until 2025/04/09

Known ITW Exploitation

-

Detection Methods

Monitor for unusual firewall rule creation or modification in Azure SQL Servers, especially rules with suspicious names or IP ranges of 0.0.0.0.
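
One way to run this check over an exported rule list, as an added example that is not part of the original entry or of Varonis's or Microsoft's tooling. It assumes the JSON field names produced by `az sql server firewall-rule list -o json`; the name allow-list is an assumption chosen for illustration, and the sample rules are constructed.

```python
import json
import re

# Assumption: a conservative allow-list for rule names (letters, digits,
# space, dot, underscore, hyphen). A miss is a prompt for review, not proof.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,127}")

# Rule created by the "Allow Azure services" setting; it legitimately
# uses 0.0.0.0 for both ends of its range.
AZURE_SERVICES_RULE = "AllowAllWindowsAzureIps"

# Constructed sample in the layout of `az sql server firewall-rule list -o json`.
SAMPLE = json.dumps([
    {"name": "office-vpn", "startIpAddress": "203.0.113.10",
     "endIpAddress": "203.0.113.20"},
    {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0",
     "endIpAddress": "0.0.0.0"},
    {"name": "open-all", "startIpAddress": "0.0.0.0",
     "endIpAddress": "255.255.255.255"},
    {"name": "rule?with&odd%chars", "startIpAddress": "198.51.100.5",
     "endIpAddress": "198.51.100.5"},
])


def review_rules(rules):
    """Return (rule name, [reasons]) for every rule that needs a closer look."""
    findings = []
    for rule in rules:
        name = rule.get("name", "")
        start = rule.get("startIpAddress")
        end = rule.get("endIpAddress")
        reasons = []
        if not SAFE_NAME.fullmatch(name):
            reasons.append("name has characters outside the allow-list")
        builtin = (name == AZURE_SERVICES_RULE
                   and start == "0.0.0.0" and end == "0.0.0.0")
        if "0.0.0.0" in (start, end) and not builtin:
            reasons.append("range touches 0.0.0.0")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review_rules(json.loads(SAMPLE)):
        print(f"{name!r}: {'; '.join(reasons)}")
```

Comparing successive exports also surfaces rules that were created or modified between runs, which this single-snapshot check does not cover.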

Piercing Index Rating

-

Discovered by

Coby Abrams, Varonis Threat Labs