top of page

New Critical “EmojiDeploy” Microsoft Azure Vulnerability

Remote code execution (RCE) flaws allow attackers to submit commands to the vulnerable software and they will be executed with the privileges associated with the application—which typically have high permissions. A new, critical RCE vulnerability was recently discovered that impacts multiple Microsoft Azure-related services.

Liv Matan, an Ermetic researcher, explained that, "The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu…By abusing the vulnerability, attackers can deploy malicious ZIP files containing a payload to the victim's Azure application."