Published Mon, Jan 1st, 2024
Platforms
Multiple vulnerabilities in Microsoft's Azure Health Bot service were discovered, allowing access to sensitive infrastructure and confidential medical data. Issues included sandbox escapes, unrestricted code execution, access to authentication secrets, cross-tenant data exposure, and unauthorized deletion of resources. Microsoft quickly patched the vulnerabilities and restructured the service architecture for improved security.
Azure Health Bot
None required
No tracked CVEs
Contributed by https://github.com/korniko98
Entry Status: Stub (AI-Generated)
Disclosure Date: -
Exploitability Period: -
Known ITW Exploitation: -
Detection Methods: Monitor for unusual access patterns or data requests in Azure Health Bot service. Implement logging and auditing for authentication and data access events. Regularly review and update access controls and sandbox configurations.
Piercing Index Rating: -
Discovered by: Yanir Tsarimi, Breachproof