Stratos Ally

Vulnerabilities in AI-Powered Azure Health Bot Enable Attackers to Gain Unauthorized Access 

StratosAlly

Security vulnerabilities in Microsoft’s Azure Health Bot Service, which have now been patched, could have enabled attackers to gain unauthorized access to highly sensitive patient information and move laterally around a victim’s network.  

The Azure AI Health Bot Service is a cloud platform that health organizations use to deploy virtual health assistants and copilots. These bots can manage administrative tasks, interact with patients, and assist with insurance inquiries. 

Tenable’s team of researchers examined the Data Connections feature, which allows organizations to connect external data sources to their instances. Researchers discovered that by exercising the redirect handling used while configuring data connections, they could bypass the protections on outbound external requests and reach internal APIs. 

Attackers could have accessed Azure’s metadata service to obtain management tokens by manipulating HTTP 301 redirect responses. This could have allowed them to enumerate subscriptions and resources, thus potentially leading to exposure of sensitive data within different tenants. 

A similar issue was also discovered in an endpoint related to integration with Fast Healthcare Interoperability Resources (FHIR). Tenable reported the issues with the Azure App Service to Microsoft in mid-2024, and all regions were subsequently patched.  
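The redirect bypass described above works when a service validates only the URL the tenant supplied and then lets its HTTP client follow a 301 to the instance metadata endpoint. The following is an added illustration (not Tenable's research code or Microsoft's fix) of the defensive pattern: follow redirects by hand and re-validate every hop against link-local and private ranges. The DNS and HTTP stand-ins, hostnames and IPs are constructed so it runs offline.

```python
import ipaddress
from urllib.parse import urlparse

# Networks a data-connection fetcher must never reach; 169.254.0.0/16
# covers the Azure instance metadata endpoint 169.254.169.254.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",
)]
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed stand-ins for DNS and HTTP so the example runs offline.
CONSTRUCTED_DNS = {"example-data-source.test": ["203.0.113.10"]}
CONSTRUCTED_HTTP = {  # url -> (status, Location header or None)
    "https://example-data-source.test/ok": (200, None),
    "https://example-data-source.test/hop": (301, "http://169.254.169.254/metadata/instance"),
}

def constructed_resolve(host):
    """Return IP strings for a host; an IP literal resolves to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return CONSTRUCTED_DNS.get(host, [])

def constructed_fetch(url):
    return CONSTRUCTED_HTTP.get(url, (404, None))

def is_allowed_target(url, resolve):
    """Allow only https URLs whose every resolved address is public."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.hostname:
        return False
    addrs = [ipaddress.ip_address(a) for a in resolve(parsed.hostname)]
    if not addrs:
        return False
    return not any(a in net for a in addrs for net in BLOCKED_NETS)

def safe_fetch(url, fetch, resolve, max_redirects=3):
    """Follow redirects manually and re-check every hop; checking only the
    first URL is the gap a 301 to the metadata service slips through.
    Returns (outcome, url, status), outcome in {"ok", "blocked", "too_many"}."""
    for _ in range(max_redirects + 1):
        if not is_allowed_target(url, resolve):
            return ("blocked", url, None)
        status, location = fetch(url)
        if status in REDIRECT_CODES and location:
            url = location  # the next hop gets the same validation
            continue
        return ("ok", url, status)
    return ("too_many", url, None)
```

In production the client must also connect to the address that was validated (pinning the resolved IP) rather than resolving again at connect time, since a hostname that changes answers between the check and the connection reopens the same gap.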

This underlines the fact that artificial intelligence chatbot services need to be protected with strong security. Such threats should not be underestimated in the context of cloud and web application security as artificial intelligence gets embedded into more and more critical domains. 

The disclosure comes after a series of recently reported vulnerabilities related to Microsoft, including a privilege escalation technique in Microsoft Entra ID that serves as another reminder of the ever-present need for security updates and patches within intricate cloud-based infrastructures. 
