The article discusses vulnerabilities in the Azure Machine Learning (AML) service, particularly focusing on excessive Storage Account permissions that allow code execution in user-created Jupyter notebooks. It highlights a previously remediated privilege escalation vulnerability and introduces a tool for dumping stored credentials from AML workspaces.
Affected: Azure Machine Learning
Key points:
- The Azure Machine Learning (AML) service is used for data processing and integrates with other Azure services.
- Security researchers have identified multiple vulnerabilities within the AML service.
- Excessive permissions on Storage Accounts can allow attackers to modify notebooks and execute code without user interaction.
- A previously existing vulnerability allowed privilege escalation from the Reader role to code execution.
- A tool was developed to automate the extraction of stored credential data from AML workspaces.
MITRE Techniques:
- TA0001 – Initial Access: Exploiting excessive Storage Account permissions to gain access to Jupyter notebooks.
- TA0002 – Execution: Modifying notebooks to execute arbitrary code through the AML service.
- TA0003 – Persistence: Injecting code into notebooks to maintain access across executions.
- TA0004 – Credential Access: Using the Get-AzMachineLearningCredentials tool to dump stored credentials from AML workspaces.
- TA0005 – Privilege Escalation: Exploiting the Reader role vulnerability to gain higher privileges.
Indicators of Compromise:
- [Others IoC] Azure Machine Learning service notebooks being modified.
- [Others IoC] Unauthorized access attempts to Azure Storage Accounts.
- [Others IoC] Use of the Get-AzMachineLearningCredentials tool.
- [Others IoC] Anomalous modifications to .ipynb files in Storage Accounts.
- Check the article for all found IoCs.
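One way to hunt for the ".ipynb modified in a Storage Account" indicator above, as an added example that is not code from the article or from NetSPI. The field names and operation values are assumptions modelled on Azure Storage resource logs (StorageBlobLogs / StorageFileLogs), and the records, paths and object IDs are constructed.

```python
from urllib.parse import urlsplit

# Assumed field names and operation values, modelled on Azure Storage
# resource logs (StorageBlobLogs / StorageFileLogs); verify against your export.
WRITE_OPS = {"PutBlob", "PutBlock", "PutBlockList", "CreateFile", "PutRange"}
KEY_AUTH = {"AccountKey", "SAS"}  # request carries no user identity


def flag_notebook_writes(records, expected_callers):
    """Return (time, path, reason) for successful .ipynb writes worth review."""
    findings = []
    for rec in records:
        path = urlsplit(rec["Uri"]).path  # drops SAS/query parameters
        if not path.lower().endswith(".ipynb"):
            continue
        if rec["OperationName"] not in WRITE_OPS:
            continue  # reads and listings are not modifications
        if not 200 <= int(rec["StatusCode"]) < 300:
            continue  # only writes that actually succeeded
        if rec["AuthenticationType"] in KEY_AUTH:
            reason = "key-or-sas-write"
        elif rec.get("RequesterObjectId") not in expected_callers:
            reason = "unexpected-caller"
        else:
            continue  # identity-based write by a known notebook owner
        findings.append((rec["TimeGenerated"], path, reason))
    return findings


def _rec(t, op, uri, status, auth, oid=None):
    return {"TimeGenerated": t, "OperationName": op, "Uri": uri,
            "StatusCode": status, "AuthenticationType": auth,
            "RequesterObjectId": oid}


# Constructed sample data: one known owner, six log records.
OWNER = "11111111-1111-1111-1111-111111111111"
FILES = "https://examplestorage.file.core.windows.net"
BLOBS = "https://examplestorage.blob.core.windows.net"
SAMPLE = [
    _rec("2025-01-10T09:00:00Z", "PutRange", FILES + "/code-share/Users/alice/train.ipynb", 201, "OAuth", OWNER),
    _rec("2025-01-10T09:05:00Z", "PutRange", FILES + "/code-share/Users/alice/train.ipynb?comp=range", 201, "AccountKey"),
    _rec("2025-01-10T09:10:00Z", "GetFile", FILES + "/code-share/Users/alice/train.ipynb", 200, "AccountKey"),
    _rec("2025-01-10T09:20:00Z", "PutBlob", BLOBS + "/azureml/notebooks/eval.ipynb", 201, "OAuth", "22222222-2222-2222-2222-222222222222"),
    _rec("2025-01-10T09:25:00Z", "PutRange", FILES + "/code-share/Users/alice/util.py", 201, "AccountKey"),
    _rec("2025-01-10T09:30:00Z", "PutRange", FILES + "/code-share/Users/alice/train.ipynb", 403, "OAuth", "22222222-2222-2222-2222-222222222222"),
]

if __name__ == "__main__":
    for finding in flag_notebook_writes(SAMPLE, {OWNER}):
        print(finding)
```

Writes authenticated with an account key or SAS are always surfaced because the log record ties them to no user, which is the access path excessive Storage Account permissions open up.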
Full Research: https://www.netspi.com/blog/technical-blog/cloud-pentesting/hijacking-azure-machine-learning-notebooks/