Written by : Jayati Dubey
August 14, 2024
Cybersecurity researchers have uncovered two significant security vulnerabilities in Microsoft's Azure Health Bot Service that, if exploited, could have allowed attackers to move laterally within customer environments and gain access to sensitive patient data.
The flaws, now patched by Microsoft, were revealed in a report by cybersecurity firm Tenable and shared with The Hacker News.
The Azure AI Health Bot Service is a cloud platform that empowers healthcare developers to create and deploy AI-powered virtual health assistants.
These bots are used by healthcare organizations and insurance providers to engage with patients, manage administrative workloads, assist in finding appropriate care, and provide information about insurance claims and benefits.
The service is a crucial tool for many organizations, integrating data from various external sources to enhance patient interactions and streamline healthcare processes.
Tenable's research focused on a feature of the Azure AI Health Bot Service known as Data Connections. This feature allows the integration of data from external sources, including third-party APIs or the service providers' own endpoints.
While safeguards are in place to prevent unauthorized access to internal APIs, Tenable discovered that these protections could be bypassed under certain conditions.
The exploit involved configuring a data connection with an external host controlled by the attacker.
By setting up that host to answer with an HTTP 301 redirect (a status code that tells a client to fetch a different URL instead), the attacker could make the service follow the redirect to Azure's Instance Metadata Service (IMDS) and obtain a valid metadata response.
This response could then be used to obtain an access token for `management.azure[.]com`.
With this token, the attacker could list the subscriptions accessible through the Azure platform, ultimately allowing them to list and potentially access resources within those subscriptions.
This breach could have serious implications, as it would enable unauthorized access to sensitive patient data and other critical resources within a healthcare organization’s environment.
Tenable also discovered that another endpoint related to the integration of systems supporting the Fast Healthcare Interoperability Resources (FHIR) data exchange format was vulnerable to the same type of attack.
FHIR is widely used for exchanging healthcare information electronically, and any vulnerabilities in this system pose a significant risk to patient privacy and data security.
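The root cause described above, for both the Data Connections endpoint and the FHIR integration endpoint, is an outbound fetcher that validated the configured URL but then followed a redirect to the link-local IMDS address. The following is an added illustration of the defensive pattern, not code from Tenable or Microsoft: every redirect hop is re-validated against a blocklist of internal ranges before it is fetched. The `dns` table, the `transport` stub, the hostnames and the responses are all constructed for the example.

```python
import ipaddress
from urllib.parse import urlparse, urljoin

# Address ranges an outbound fetcher must never reach, on the first request or on
# any redirect hop. 169.254.0.0/16 contains the Azure IMDS address 169.254.169.254.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "0.0.0.0/8", "::1/128", "fe80::/10", "fd00::/8")]
REDIRECT_CODES = {301, 302, 303, 307, 308}

def is_safe_destination(url, dns):
    """True only if every address the URL's host maps to lies outside BLOCKED_NETWORKS.
    `dns` is a constructed hostname -> [ip] table standing in for a resolver;
    unknown hosts are refused (deny by default)."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower()
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP in the URL
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in dns.get(host, [])]
    return bool(addrs) and not any(a in net for a in addrs for net in BLOCKED_NETWORKS)

def fetch_checked(url, transport, dns, max_redirects=3):
    """Follow redirects hop by hop, re-validating the target of every hop rather
    than trusting only the URL the customer configured. `transport(url)` returns
    (status, headers, body); a constructed stub is supplied below."""
    for _ in range(max_redirects + 1):
        if not is_safe_destination(url, dns):
            return ("blocked", url)
        status, headers, body = transport(url)
        if status in REDIRECT_CODES and "Location" in headers:
            url = urljoin(url, headers["Location"])  # relative Locations resolve too
            continue
        return ("ok", body)
    return ("too_many_redirects", url)

# Constructed sample data: a hostile host that answers with a 301 to IMDS (the
# pattern in the Tenable finding), a redirect loop, and a legitimate FHIR API.
DNS = {"evil.example": ["203.0.113.7"], "api.partner.example": ["198.51.100.20"]}
RESPONSES = {
    "https://evil.example/hook": (301, {"Location": "http://169.254.169.254/metadata/instance"}, ""),
    "https://evil.example/loop": (302, {"Location": "/loop"}, ""),
    "https://api.partner.example/fhir/Patient": (200, {}, '{"resourceType":"Bundle"}'),
}

def stub_transport(url):
    return RESPONSES.get(url, (404, {}, ""))
```

A production version would also pin the resolved address used for the check to the one actually connected to, so a host cannot answer the validation lookup and the real connection differently.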
Tenable reported these vulnerabilities to Microsoft in June and July 2024. Microsoft responded swiftly, rolling out fixes across all regions to address the flaws.
Fortunately, there is no evidence to suggest that these vulnerabilities were exploited in the wild before the patches were applied.
"The vulnerabilities raise concerns about how chatbots can be exploited to reveal sensitive information," Tenable said in a statement.
Tenable emphasized that the issue stemmed from a flaw in the underlying architecture of the chatbot service, underscoring the importance of robust web application and cloud security as AI-driven technologies spread into sensitive industries such as healthcare.
This disclosure comes on the heels of another significant security concern involving Microsoft services. Semperis recently detailed an attack technique dubbed *UnOAuthorized* that allows for privilege escalation within Microsoft Entra ID (formerly Azure Active Directory).
This vulnerability, which has since been patched, could have permitted attackers to add or remove users from privileged roles, potentially enabling them to perform lateral movements across Microsoft 365, Azure, and any connected SaaS applications.
According to security researcher Eric Woodruff, "A threat actor could have used such access to perform privilege elevation to Global Administrator and install further means of persistence in a tenant," further highlighting the potential risks posed by these vulnerabilities.