Azure Backup for AKS Trusted Access permission tightening
Security Patch Release
Summary
Microsoft appears to have silently tightened Azure Backup for AKS, closing a Trusted Access authorization path that could let a low-privileged role reach cluster-admin. The product now requires manual Trusted Access configuration before backup can be enabled, and the change was observed after the March 2026 disclosure. O'Leary also saw new permission checks that were not present during his original testing, indicating the original behavior was replaced. No public advisory or CVE accompanied the fix, limiting defender visibility into the exposure window.
Related Happenings
Microsoft Windows 11 KB5089549 cumulative update
Security Patch Release
First: 18.05.2026 11:33
Last: 18.05.2026 11:33
Sources 1
About this happening:
Microsoft's **KB5089549** **Windows 11** security update is failing to install on some systems, forcing affected devices to roll back during reboot. The problem is tied to a nearl...
Tycoon2FA device-code phishing campaign targeting Microsoft 365
Campaign
First: 17.05.2026 17:43
Last: 17.05.2026 17:43
Sources 1
About this happening:
The **Tycoon2FA** phishing operation added **device-code phishing** to hijack **Microsoft 365** accounts, expanding its ability to steal access tokens and reach email, calendar, a...
Microsoft security patch release for CVE-2023-43896
Security Patch Release
First: 04.05.2026 13:40
Last: 04.05.2026 13:40
Sources 1
About this happening:
**Microsoft**'s **April 2026 Windows security updates** are blocking **psmounterex.sys**, which can break third-party backup apps on **Windows 10**, **Windows 11**, and **Windows...
Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store
Security Tool/Service
First: 03.05.2026 21:11
Last: 03.05.2026 21:11
Sources 1
About this happening:
**Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...
CISA KEV order for BlueHammer patching
Public Sector Action
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
Timeline
-
16.05.2026 23:55 · 1 article · 11d ago
Azure Backup for AKS privilege escalation is reported to Microsoft
Initial Disclosure
Justin O'Leary reported a critical Azure Backup for AKS privilege escalation to Microsoft on March 17 after finding that the low-privileged Backup Contributor role could trigger Trusted Access and reach cluster-admin inside AKS clusters.
- Microsoft rejects critical Azure vulnerability report, no CVE issued — www.bleepingcomputer.com — 16.05.2026 23:55
-
16.05.2026 23:55 · 1 article · 11d ago
MSRC rejects the Azure Backup for AKS report
Technical Analysis Update
Microsoft Security Response Center rejected the Azure Backup for AKS report on April 13, saying the issue only involved obtaining cluster-admin on a cluster where the attacker already held administrator access, a characterization O'Leary disputed.
- Microsoft rejects critical Azure vulnerability report, no CVE issued — www.bleepingcomputer.com — 16.05.2026 23:55
-
16.05.2026 23:55 · 1 article · 11d ago
CERT/CC validates the Azure Backup for AKS privilege escalation
Technical Analysis Update
CERT Coordination Center independently validated the Azure Backup for AKS vulnerability on April 16 and, according to O'Leary, assigned VU#284781, confirming that a user with zero Kubernetes permissions could gain cluster-admin.
- Microsoft rejects critical Azure vulnerability report, no CVE issued — www.bleepingcomputer.com — 16.05.2026 23:55
-
16.05.2026 23:55 · 1 article · 11d ago
Microsoft staff recommend against CVE assignment for Azure Backup for AKS
Legal Policy Action Update
On May 4, Microsoft staff reportedly contacted MITRE to recommend against CVE assignment for the Azure Backup for AKS issue, again arguing that pre-existing administrative access was required.
- Microsoft rejects critical Azure vulnerability report, no CVE issued — www.bleepingcomputer.com — 16.05.2026 23:55
-
16.05.2026 23:55 2 articles · 11d ago
Azure Backup for AKS shows manual Trusted Access and extra permission checks
Mitigation Patch Update
By May 16, O'Leary observed Azure Backup for AKS returning UserErrorTrustedAccessGatewayReturnedForbidden, with Trusted Access needing manual configuration before backup could be enabled and additional Reader and Contributor permission checks appearing where the March 2026 behavior had automatically configured access; Microsoft said the behavior was expected and no product changes were made.
- Microsoft rejects critical Azure vulnerability report, no CVE issued — www.bleepingcomputer.com — 16.05.2026 23:55