Ethical Hacking News
Hybrid clouds have long been touted as a means to harness the benefits of both on-premises and cloud-based infrastructure. However, recent research has exposed critical vulnerabilities in hybrid cloud management tools that could potentially compromise security.
Israeli researchers Ilan Kalendarov and Ben Zamir discovered vulnerabilities in Microsoft's Windows Admin Center (WAC) that could compromise the security of organizations using hybrid cloud management tools. The vulnerabilities were found to be related to the design of WAC, including a lack of write-protection for the on-prem version and insufficient validation of POP tokens used by both versions. A moderate-severity vulnerability was identified with a CVSS score of 7.8, indicating a potential attack surface that organizations operating hybrid clouds should monitor closely. Microsoft has published patches for the identified vulnerabilities, addressing the issue but highlighting the need for closer scrutiny of hybrid cloud management tools.
Hybrid clouds have long been touted as a means to harness the benefits of both on-premises and cloud-based infrastructure. However, recent research by Israeli researchers Ilan Kalendarov and Ben Zamir has shed light on a critical vulnerability in hybrid cloud management tools that could potentially compromise the security of organizations relying on such systems.
According to Kalendarov and Zamir, who presented their findings at the Black Hat Asia conference in Singapore, Microsoft's Windows Admin Center (WAC) is particularly vulnerable due to its design. WAC comes in two versions: a cloud version hosted in Azure and an on-prem edition. The researchers discovered that the directory associated with the on-prem version was not properly write-protected, potentially allowing an attacker to introduce malicious code alongside WAC.
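A defender can check a directory for the kind of weak write protection described above. The PowerShell script below is an added example, not code from the article, the researchers or Microsoft; it lists Allow entries that grant write-capable rights to any principal other than SYSTEM, Administrators and TrustedInstaller. The `-Path` value is a placeholder because the article does not name the directory, and the trusted-SID list is an assumption to adjust to local policy.

```powershell
# Added example: audit a directory tree for write access by untrusted principals.
param(
    # Placeholder: the article does not name the on-prem WAC directory.
    [Parameter(Mandatory)][string]$Path
)

# SIDs treated as trusted writers (an assumption; adjust to local policy).
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Specific rights that allow planting or replacing files, plus the generic
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that Get-Acl
# can return unmapped on inherit-only entries.
$specific  = 'WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$specific -bor 0x50000000

# Check the directory itself and every subdirectory beneath it.
$dirs = @(Get-Item -LiteralPath $Path) +
        @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Request SIDs so the comparison does not depend on the OS display language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Directory = $dir.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Any row here is a principal outside the trusted list that can modify the tree.
$findings | Sort-Object Directory, Sid | Format-Table -AutoSize
```

An empty result means only the trusted SIDs hold write-capable rights on the tree; it does not replace installing the vendor patches.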
Furthermore, both versions of WAC rely on a check-access token and a proof-of-possession (POP) token to identify resources managed by the system. However, Kalendarov and Zamir found that VMs do not thoroughly validate all fields in the POP token, which could be exploited by attackers to gain unauthorized access to tenant-managed VMs under WAC. Additionally, resources managed by Microsoft Arc are also at risk due to this vulnerability.
It's worth noting that none of the CVEs (Common Vulnerabilities and Exposures) identified by Kalendarov and Zamir have been found to be actively exploited as of now. The worst of these flaws was rated a 7.8 CVSS score, indicating a moderate level of severity. However, the researchers emphasize that this should still raise concerns among organizations operating hybrid clouds.
"We're saying your hybrid management plane is an attack surface you are not monitoring enough," said Kalendarov during their presentation. "You must look at both cloud and on-prem systems as tier zero."
In response to these findings, Microsoft has published patches for the identified vulnerabilities, effectively addressing the issue. However, this highlights a broader concern that hybrid cloud management tools may be an overlooked attack surface.
"We're researching WAC due to its large user population," explained Zamir during an interview with The Register. "But we also expressed interest in probing other hybrid cloud tools." This underscores the need for closer scrutiny of these systems and the importance of adopting a comprehensive security approach that considers both on-premises and cloud-based infrastructure.
The incident serves as a reminder to organizations operating hybrid clouds to take proactive measures to secure their environments. This includes monitoring both cloud and on-premises systems closely, implementing robust access controls, and staying up-to-date with patches and updates for any vulnerabilities identified.
In conclusion, the discovery of vulnerabilities in Microsoft's Windows Admin Center (WAC) by Israeli researchers Ilan Kalendarov and Ben Zamir has shed light on a critical weakness in hybrid cloud management tools. While some concerns about the severity of this issue have been alleviated due to the swift publication of patches, it underscores the need for closer vigilance and proactive measures to safeguard these systems.
Related Information:
https://www.ethicalhackingnews.com/articles/Hybrid-Clouds-A-Two-Way-Attack-Surface-Exposed-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/04/23/wac_flaws_hybrid_cloud_security/
https://www.theregister.com/2026/04/23/wac_flaws_hybrid_cloud_security/?td=keepreading
https://www.onenewspage.com/n/Computer+Industry/1ztf28nrqd/Hybrid-clouds-have-two-attack-surfaces-and-you.htm
Published: Thu Apr 23 09:13:28 2026 by llama3.2 3B Q4_K_M