A Microsoft product with blatant and egregious security holes? How could anyone have ever known?
It's a good thing these guys were late to the cloud. I shudder to think how lousy my life would be as a sysadmin if I were forced on-prem because of how untrustworthy the reputation of cloud computing would have been.
When AWS came out I was pretty sure there would be escapes. I mean, I can escape my normal account on my computer to root over and over. We see Chrome / web browser escapes all the time.
AWS has actually (at very large scale) seemed to avoid tenant to control plane escapes. That HAS to be a result of some type of in-depth defense?
The other thought - I wonder how much access even their own engineers have? If their engineers don't have easy customer data access it may make it a bit harder to chain over to other accounts. A lot of control plane stuff you realize is there so internal staff can jump around easily.
But the interesting thing about the S3 read bug is that, because AWS blocks support from reading S3 data at the control plane level, even though the IAM permission had read permissions, support COULD NOT read any customer data.
This is that kind of example: even with a total possible failure here, AWS support staff still couldn't actually do anything.
The transparency is very high on AWS. All S3 access is logged, the policies for the support role are public (does Azure provide this?) and all changes to policies are logged.
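The "read permission in the identity policy, still no access" outcome above follows from the IAM evaluation rule that an explicit Deny in any applicable policy beats an Allow anywhere else. The following is an added example, not code from the thread and not AWS's actual support-role policy or enforcement mechanism (the thread does not describe that): a small evaluator over two constructed policies, an identity policy granting S3 read and a bucket policy with an explicit Deny scoped to a hypothetical role name (`ExampleSupportRole`, `customer-data`, and the account ID are all made up).

```python
from fnmatch import fnmatchcase

# Constructed identity policy: the role is allowed to read any S3 object.
IDENTITY_POLICY = {
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "*"},
    ]
}

# Constructed bucket policy: explicit Deny on GetObject for any principal whose ARN
# matches the (hypothetical) support role. An explicit Deny always wins in IAM.
BUCKET_POLICY = {
    "Statement": [
        {"Effect": "Deny",
         "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::customer-data/*",
         "Condition": {"ArnLike": {"aws:PrincipalArn": "arn:aws:iam::*:role/ExampleSupportRole"}}},
    ]
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM wildcards are '*' (any run) and '?' (one char); fnmatchcase has the same
    # semantics for ARNs and action names, which contain no '[' ']' characters.
    return fnmatchcase(value, pattern)


def _statement_applies(stmt, principal_arn, action, resource):
    """True if the statement's Action, Resource and Condition all match the request.

    Only ArnLike/StringLike conditions on aws:PrincipalArn are modelled; Principal
    elements are treated as '*' (the Condition is what narrows the statement here).
    """
    if not any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
        return False
    if not any(_matches(p, resource) for p in _as_list(stmt.get("Resource", []))):
        return False
    for operator, key_values in stmt.get("Condition", {}).items():
        if operator not in ("ArnLike", "StringLike"):
            raise ValueError(f"condition operator {operator} not modelled in this example")
        for key, patterns in key_values.items():
            if key != "aws:PrincipalArn":
                raise ValueError(f"condition key {key} not modelled in this example")
            if not any(_matches(p, principal_arn) for p in _as_list(patterns)):
                return False
    return True


def evaluate(principal_arn, action, resource, identity_policy, resource_policy):
    """Simplified same-account IAM decision.

    Order: any applicable explicit Deny -> 'ExplicitDeny'; else any applicable
    Allow in either policy -> 'Allow'; else 'ImplicitDeny'. Permission boundaries
    and SCPs are not modelled.
    """
    statements = identity_policy["Statement"] + resource_policy["Statement"]
    applicable = [s for s in statements
                  if _statement_applies(s, principal_arn, action, resource)]
    if any(s["Effect"] == "Deny" for s in applicable):
        return "ExplicitDeny"
    if any(s["Effect"] == "Allow" for s in applicable):
        return "Allow"
    return "ImplicitDeny"


if __name__ == "__main__":
    support = "arn:aws:iam::123456789012:role/ExampleSupportRole"
    app = "arn:aws:iam::123456789012:role/AppRole"
    obj = "arn:aws:s3:::customer-data/secret.csv"
    for who, action, res in [(support, "s3:GetObject", obj),
                             (support, "s3:ListBucket", "arn:aws:s3:::customer-data"),
                             (app, "s3:GetObject", obj),
                             (app, "s3:PutObject", obj)]:
        print(f"{who.rsplit('/', 1)[1]:<20} {action:<14} {evaluate(who, action, res, IDENTITY_POLICY, BUCKET_POLICY)}")
```

The support role keeps `s3:ListBucket` (the Deny names only `s3:GetObject`) but cannot fetch object contents, while an unrelated role with the same identity policy reads freely; that is the shape of control the comment describes, with the caveat that the real enforcement point (bucket policy, SCP, or something internal) is not something the thread states.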
Worst I can recall was kind of this:
"Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud"
https://gruss.cc/files/hello.pdf
"Black Hat Asia 2017: Hello From the Other Side"
"Live-streaming a music video over the cache between two Amazon EC2 instances."
https://youtu.be/yPZmiRi_c-o