# What You Need to Know About Azurescape

By [Ariel Zelivansky](https://www.paloaltonetworks.com/blog/author/ariel-zelivansky/?ts=markdown "Posts by Ariel Zelivansky") and [Yuval Avrahami](https://www.paloaltonetworks.com/blog/author/yuval-avrahami/?ts=markdown "Posts by Yuval Avrahami")

Sep 09, 2021, 6 minutes

[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

Tags: [Azurescape](https://www.paloaltonetworks.com/blog/tag/azurescape/?ts=markdown), [Container Security](https://www.paloaltonetworks.com/blog/tag/container-security/?ts=markdown), [Containers](https://www.paloaltonetworks.com/blog/tag/containers/?ts=markdown), [microsoft](https://www.paloaltonetworks.com/blog/tag/microsoft/?ts=markdown), [Microsoft Azure](https://www.paloaltonetworks.com/blog/tag/microsoft-azure/?ts=markdown), [Prisma Cloud](https://www.paloaltonetworks.com/blog/tag/prisma-cloud/?ts=markdown)

The Unit 42 Threat Intelligence team has identified the first known vulnerability that could enable one user of a public cloud service to break out of their environment and execute code on environments belonging to other users in the same public cloud service. This unprecedented cross-account takeover affected Microsoft's Azure Container-as-a-Service (CaaS) platform. Researchers named the finding [Azurescape](https://unit42.paloaltonetworks.com/azure-container-instances) because the attack started from a container escape -- a technique that enables privilege escalation out of container environments.

Microsoft took swift action to fix the underlying issues as soon as we reported them to the Microsoft Security Response Center (MSRC). We're not aware of any Azurescape attacks in the wild, but it is possible that a malicious user of the [Azure Container Instances](https://azure.microsoft.com/en-us/services/container-instances/) (ACI) platform could have exploited the vulnerability to execute code on other customers' containers, without any prior access to their environment.

Azurescape allows an ACI user to gain administrative privileges over an entire cluster of containers. From there, the user could take over the impacted multitenant clusters to execute malicious code, steal data or sabotage the underlying infrastructure of other customers. The attacker could gain complete control over Azure's servers that host containers of other customers, accessing all data and secrets stored in those environments.

## What Azurescape Tells Us About Cloud Security

Public clouds operate on a concept known as multitenancy. Cloud service providers build environments that host multiple organizations (or "tenants") on a single platform, providing secure access to each while leveraging unprecedented economies of scale by building massive cloud infrastructures.

While cloud providers invest heavily in securing these multitenant platforms, it's [long been seen as inevitable](https://media.defense.gov/2020/Jan/22/2002237484/-1/-1/0/CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF) that unknown "zero-day" vulnerabilities could exist and put customers at risk of attack from other instances within the same cloud infrastructure.

This discovery highlights the need for cloud users to take a "defense-in-depth" approach to securing their cloud infrastructure that includes continuous monitoring for threats -- inside and outside the cloud platform. Discovery of Azurescape also underscores the need for cloud service providers to provide adequate access for outside researchers to study their environments, searching for unknown threats.

As part of the commitment of Palo Alto Networks to advancing public cloud security, we actively invest in research that includes advanced threat modeling and vulnerability testing of public cloud platforms and related technologies. We'd like to recognize Microsoft for setting a great example for other vendors through its industry-leading program for working with outside researchers, which puts security first and allows external penetration testing across Azure. Cooperative security research is vital for advancing and protecting the ongoing development of cloud services that spur innovation. We'd also like to thank MSRC for presenting us with bounty awards.

## Questions and Answers About Azurescape

For a deep dive into how we discovered Azurescape, we encourage you to read the full report on the Unit 42 blog, "[Finding Azurescape -- Cross-Account Container Takeover in Azure Container Instances](https://unit42.paloaltonetworks.com/azure-container-instances)." Here are a few quick facts on how Azurescape works and what to do if you are affected:

### Was I Affected?

We have no knowledge of Azurescape being exploited in the wild. It's possible the vulnerability existed from ACI's inception, so there is a chance that some organizations were affected. Azurescape also affected ACI containers in [Azure Virtual Networks](https://docs.microsoft.com/en-us/azure/container-instances/container-instances-vnet).

ACI is built on multitenant clusters that host customer containers. Originally those were [Kubernetes](https://kubernetes.io/) clusters, but over the past year Microsoft started hosting ACI on [Service Fabric](https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-overview) clusters as well. Azurescape only affects ACI on top of Kubernetes.

We don't know of a way to check whether a past ACI container ran on top of Kubernetes. If you have an existing container, you can run the following command to check whether it runs on top of Kubernetes:

```
az container exec -n \ --exec-command "hostname"
```

If the output starts with `wk-caas` and the container started running before Aug. 31, 2021, it could have been attacked by Azurescape.

### What Should I Do if I Think I Was Affected?

If you have privileged credentials deployed to the platform, we recommend rotating them and checking their access logs for suspicious activity. A cloud native security platform such as Prisma Cloud can provide visibility into this type of activity and alert where appropriate.

### How Do the Attacks Work?

Azurescape is a three-step attack. First, the attacker must break out of their ACI container. Second, they gain administrative privileges over a multitenant Kubernetes cluster. Third, they can take control of impacted containers by executing malicious code.

Our research started with [WhoC](https://github.com/twistlock/whoc), a container image that uncovers the underlying container runtime of cloud platforms. Through WhoC, we discovered it was possible to escape ACI containers through CVE-2019-5736, a [two-year-old vulnerability in runC](https://unit42.paloaltonetworks.com/breaking-docker-via-runc-explaining-cve-2019-5736/). We were then able to identify two different methods to gain code execution on the cluster's brain, the [api-server](https://kubernetes.io/docs/concepts/overview/components/#kube-apiserver). With code execution on the api-server, we had complete control over the multitenant cluster. We could execute code on customer containers, exfiltrate customer secrets deployed to ACI and possibly even abuse the platform infrastructure for cryptomining.

### Do You Expect More Cross-Account Takeover Vulnerabilities to Emerge?

The rapid acceleration of the shift to the cloud that has occurred in the past few years has made these platforms a prized target for malicious actors. While we've long been focused on identifying new cloud threats, discovery of the first cross-account container takeover underscores the importance of that effort. Sophisticated attackers may not be satisfied with targeting end users, and may expand their campaigns to the platforms themselves to increase impact and reach.

### Is There Any Way I Can Prepare for Similar Vulnerabilities That Might Emerge?

Cloud users are encouraged to adopt a "defense-in-depth" approach to cloud security to ensure breaches are contained and detected, whether the threat is from the outside or from the platform itself. A combination of [shift-left security](https://www.paloaltonetworks.com/blog/2019/07/4-practical-steps-shift-left-security/) and runtime protection and anomaly detection presents the best chance of combating similar cross-account attacks. The best way to prevent attacks on any cloud environment is to implement a comprehensive cloud native security platform such as Prisma Cloud, which is able to detect and mitigate malicious behavior as well as identify vulnerabilities in cloud environments.
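A triage helper for the "Was I Affected?" check above, added here as an example rather than code from the post or from Palo Alto Networks: it applies the two indicators the post gives (a hostname beginning with `wk-caas` and a start before Aug. 31, 2021) to a list of ACI container records and sorts them into verdicts. The record layout, the `az` subcommands used in `collect()`, the JSON path used for the start time and the sample records are assumptions.

```python
"""Sort ACI containers by Azurescape exposure using the post's two indicators.

Added example; not code from the post. Record layout, az subcommands and
sample data are assumptions made here.
"""
from __future__ import annotations

import json
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone

# Cut-off from the post: Kubernetes-backed containers that started before
# this date could have been reached by Azurescape.
FIX_DATE = datetime(2021, 8, 31, tzinfo=timezone.utc)
K8S_HOST_PREFIX = "wk-caas"   # hostname prefix the post associates with Kubernetes-backed ACI


@dataclass
class AciRecord:
    resource_group: str
    name: str
    hostname: str | None    # output of `az container exec ... hostname`, None if unavailable
    start_time: str | None  # ISO 8601 start time, None if the group is not running


def parse_time(value: str) -> datetime:
    # Azure emits "2021-07-02T10:15:30Z" or an explicit offset; older Pythons'
    # fromisoformat() rejects the trailing "Z", so normalise it first.
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def classify(rec: AciRecord) -> str:
    """Return potentially-exposed, unaffected, service-fabric or unknown."""
    if rec.hostname is None or rec.start_time is None:
        return "unknown"          # no exec output or no start time: review by hand
    if not rec.hostname.startswith(K8S_HOST_PREFIX):
        return "service-fabric"   # post: only ACI on Kubernetes was affected
    if parse_time(rec.start_time) < FIX_DATE:
        return "potentially-exposed"
    return "unaffected"


def triage(records: list[AciRecord]) -> dict[str, list[str]]:
    """Group "resource-group/name" labels by verdict."""
    out: dict[str, list[str]] = {}
    for r in records:
        out.setdefault(classify(r), []).append(f"{r.resource_group}/{r.name}")
    return out


def collect(resource_group: str, name: str) -> AciRecord:
    """Build a record with the Azure CLI (assumes az is installed and logged in)."""
    show = json.loads(subprocess.check_output(
        ["az", "container", "show", "-g", resource_group, "-n", name, "-o", "json"]))
    # Assumption: the start time lives at containers[0].instanceView.currentState.startTime.
    state = show["containers"][0].get("instanceView", {}).get("currentState", {})
    # Assumption: the exec session's output can be captured non-interactively.
    host = subprocess.run(["az", "container", "exec", "-g", resource_group, "-n", name,
                           "--exec-command", "hostname"],
                          capture_output=True, text=True).stdout.strip() or None
    return AciRecord(resource_group, name, host, state.get("startTime"))


# Constructed sample records; hostnames and dates are made up for illustration.
SAMPLE = [
    AciRecord("rg-prod", "api", "wk-caas-0a1b2c", "2021-07-02T10:15:30Z"),
    AciRecord("rg-prod", "worker", "wk-caas-9f8e7d", "2021-09-03T08:00:00+00:00"),
    AciRecord("rg-dev", "batch", "sf-node-12", "2021-05-20T00:00:00Z"),
    AciRecord("rg-dev", "stopped", None, None),
]

if __name__ == "__main__":
    for verdict, names in triage(SAMPLE).items():
        print(f"{verdict}: {', '.join(names)}")
```

Anything in the potentially-exposed bucket is where the post's advice to rotate privileged credentials and review their access logs applies first.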
Learn how [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) can secure infrastructure, applications and data across hybrid and multicloud environments.

*To learn more about Azurescape, join a webinar with Ariel Zelivansky and Yuval Avrahami, "[Azurescape: What to Know About the Microsoft ACI Vulnerability](https://register.paloaltonetworks.com/azurescapemircosoftmci)."*