Threat Model Name:
Owner:
Reviewer:
Contributors:
Description:
Assumptions:
External Dependencies:
Not Started | 327 |
Not Applicable | 0 |
Needs Investigation | 0 |
Mitigation Implemented | 0 |
Total | 327 |
Total Migrated | 0 |
Not Started | 119 |
Not Applicable | 0 |
Needs Investigation | 0 |
Mitigation Implemented | 0 |
Total | 119 |
Total Migrated | 0 |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Shared Dashboard account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Shared Dashboard account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Shared Dashboard |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (funcXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (funcXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (funcXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Example scenarios include stealing a user's laptop and extracting data from the hard disk, luring users into installing malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (funcXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (funcXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (funcXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Example scenarios include stealing a user's laptop and extracting data from the hard disk, luring users into installing malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Shared Dashboard account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Shared Dashboard account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Shared Dashboard |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Example scenarios include stealing a user's laptop and extracting data from the hard disk, luring users into installing malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could then be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could then be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could then be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could then be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Spoofing |
Description: | An adversary can get access to a user's session by replaying authentication tokens |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that TokenReplayCache is used to prevent the replay of ADAL authentication tokens. Refer: <a href="https://aka.ms/tmtauthn#tokenreplaycache-adal">https://aka.ms/tmtauthn#tokenreplaycache-adal</a> |
SDL Phase: | Implementation |
Category: | Spoofing |
Description: | An adversary can bypass authentication due to non-standard Azure AD authentication schemes |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use standard authentication scenarios supported by Azure Active Directory. Refer: <a href="https://aka.ms/tmtauthn#authn-aad">https://aka.ms/tmtauthn#authn-aad</a> |
SDL Phase: | Implementation |
Category: | Denial of Service |
Description: | The default cache that ADAL (Active Directory Authentication Library) uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid-tier and backend applications. This can cause availability issues and result in denial of service, either through the influence of an adversary or through the large scale of the application's users. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Override the default ADAL token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#adal-scalable">https://aka.ms/tmtauthn#adal-scalable</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could then be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could then be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will run with administrator privileges. Any unnoticed vulnerability in the application could then be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Not Started | 88 |
Not Applicable | 0 |
Needs Investigation | 0 |
Mitigation Implemented | 0 |
Total | 88 |
Total Migrated | 0 |
Category: | Denial of Service |
Description: | The default cache that ADAL (Active Directory Authentication Library) uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid-tier and backend applications. This can cause availability issues and result in denial of service, either through the influence of an adversary or through the large scale of the application's users. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Override the default ADAL token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#adal-scalable">https://aka.ms/tmtauthn#adal-scalable</a> |
SDL Phase: | Design |
Category: | Spoofing |
Description: | An adversary can bypass authentication due to non-standard Azure AD authentication schemes |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use standard authentication scenarios supported by Azure Active Directory. Refer: <a href="https://aka.ms/tmtauthn#authn-aad">https://aka.ms/tmtauthn#authn-aad</a> |
SDL Phase: | Implementation |
Category: | Spoofing |
Description: | An adversary can get access to a user's session by replaying authentication tokens |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that TokenReplayCache is used to prevent the replay of ADAL authentication tokens. Refer: <a href="https://aka.ms/tmtauthn#tokenreplaycache-adal">https://aka.ms/tmtauthn#tokenreplaycache-adal</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Shared Dashboard account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Shared Dashboard account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Shared Dashboard |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (funcXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (funcXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (funcXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (funcXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (funcXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (funcXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware or steal or tamper with data due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Shared Dashboard account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Shared Dashboard account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Shared Dashboard |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware or steal or tamper with data due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Not Started | 120 |
Not Applicable | 0 |
Needs Investigation | 0 |
Mitigation Implemented | 0 |
Total | 120 |
Total Migrated | 0 |
Category: | Denial of Service |
Description: | The default cache that ADAL (Active Directory Authentication Library) uses is an in-memory cache that relies on a static store, available process-wide. While this works for native applications, it does not scale for mid tier and backend applications. This can cause availability issues and result in denial of service either by the influence of an adversary or by the large scale of application's users. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Override the default ADAL token cache with a scalable alternative. Refer: <a href="https://aka.ms/tmtauthn#adal-scalable">https://aka.ms/tmtauthn#adal-scalable</a> |
SDL Phase: | Design |
Category: | Spoofing |
Description: | An adversary can bypass authentication due to non-standard Azure AD authentication schemes |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use standard authentication scenarios supported by Azure Active Directory. Refer: <a href="https://aka.ms/tmtauthn#authn-aad">https://aka.ms/tmtauthn#authn-aad</a> |
SDL Phase: | Implementation |
Category: | Spoofing |
Description: | An adversary can get access to a user's session by replaying authentication tokens |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that TokenReplayCache is used to prevent the replay of ADAL authentication tokens. Refer: <a href="https://aka.ms/tmtauthn#tokenreplaycache-adal">https://aka.ms/tmtauthn#tokenreplaycache-adal</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Shared Dashboard account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Shared Dashboard account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Shared Dashboard |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware or steal or tamper with data due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware or steal or tamper with data due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (funcXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (funcXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (funcXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (funcXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (funcXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (funcXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (funcXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in the user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. E.g., If the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Azure Storage (fuzzXX) account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Azure Storage (fuzzXX) account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Azure Storage (fuzzXX) |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Azure Storage (fuzzXX) due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak access control restrictions |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Grant limited access to objects in Azure Storage using SAS or SAP. It is recommended to scope SAS and SAP to permit only the necessary permissions over a short period of time. Refer: <a href="https://aka.ms/tmt-th17a">https://aka.ms/tmt-th17a</a> and <a href="https://aka.ms/tmt-th17b">https://aka.ms/tmt-th17b</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard instances due to weak network configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | It is recommended to restrict access to Azure Storage instances to selected networks where possible. Refer: <a href="https://aka.ms/tmt-th140">https://aka.ms/tmt-th140</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to Shared Dashboard account in a subscription |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Assign the appropriate Role-Based Access Control (RBAC) role to users, groups and applications at the right scope for the Azure Storage instance. Refer: <a href="https://aka.ms/tmt-th67">https://aka.ms/tmt-th67</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can abuse poorly managed Shared Dashboard account access keys and gain unauthorized access to storage. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure secure management and storage of Azure storage access keys. It is recommended to rotate storage access keys regularly, in accordance with organizational policies. Refer: <a href="https://aka.ms/tmt-th63">https://aka.ms/tmt-th63</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary can abuse an insecure communication channel between a client and Shared Dashboard |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that communication to Azure Storage is over HTTPS. It is recommended to enable the secure transfer required option to force communication with Azure Storage to be over HTTPS. Use Client-Side Encryption to store sensitive data in Azure Storage. Refer: <a href="https://aka.ms/tmt-th65">https://aka.ms/tmt-th65</a> |
SDL Phase: | Implementation |
Category: | Repudiation |
Description: | Proper logging of all security events and user actions builds traceability in a system and denies any possible repudiation issues. In the absence of proper auditing and logging controls, it would become impossible to implement any accountability in a system. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Use Azure Storage Analytics to audit access of Azure Storage. If possible, audit the calls to the Azure Storage instance at the source of the call. Refer: <a href="https://aka.ms/tmt-th20">https://aka.ms/tmt-th20</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary can gain unauthorized access to Shared Dashboard due to weak CORS configuration |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that only specific, trusted origins are allowed. Refer: <a href="https://aka.ms/tmt-th21">https://aka.ms/tmt-th21</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | An adversary may gain unauthorized access to data on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that proper ACLs are configured to restrict unauthorized access to data on the device. Refer: <a href="https://aka.ms/tmtauthz#acl-restricted-access">https://aka.ms/tmtauthz#acl-restricted-access</a> Ensure that sensitive user-specific application content is stored in user-profile directory. Refer: <a href="https://aka.ms/tmtauthz#sensitive-directory">https://aka.ms/tmtauthz#sensitive-directory</a> |
SDL Phase: | Implementation |
Category: | Elevation of Privileges |
Description: | If an application runs under a high-privileged account, it may provide an opportunity for an adversary to gain elevated privileges and execute malicious code on host machines. For example, if the developed executable runs under the logged-in user's identity and the user has admin rights on the machine, the executable will be running with administrator privileges. Any unnoticed vulnerability in the application could be used by adversaries to execute malicious code on the host machines that run the application. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that the deployed applications are run with least privileges. Refer: <a href="https://aka.ms/tmtauthz#deployed-privileges">https://aka.ms/tmtauthz#deployed-privileges</a> |
SDL Phase: | Implementation |
Category: | Information Disclosure |
Description: | An adversary may gain access to sensitive data stored on host machines |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Consider using Encrypted File System (EFS) to protect confidential user-specific data. Refer: <a href="https://aka.ms/tmtdata#efs-user">https://aka.ms/tmtdata#efs-user</a> Ensure that sensitive data stored by the application on the file system is encrypted. Refer: <a href="https://aka.ms/tmtdata#filesystem">https://aka.ms/tmtdata#filesystem</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may spread malware, or steal or tamper with data, due to a lack of endpoint protection on devices. Scenarios include stealing a user's laptop and extracting data from the hard disk, luring users to install malware, and exploiting an unpatched OS. |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that devices have endpoint security controls configured as per organizational policies. Refer: <a href="https://aka.ms/tmtconfigmgmt#controls-policies">https://aka.ms/tmtconfigmgmt#controls-policies</a> |
SDL Phase: | Design |
Category: | Tampering |
Description: | An adversary may reverse engineer deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that binaries are obfuscated if they contain sensitive information. Refer: <a href="https://aka.ms/tmtdata#binaries-info">https://aka.ms/tmtdata#binaries-info</a> |
SDL Phase: | Implementation |
Category: | Tampering |
Description: | An adversary may tamper with deployed binaries |
Justification: | <no mitigation provided> |
Possible Mitigation(s): | Ensure that deployed application's binaries are digitally signed. Refer: <a href="https://aka.ms/tmtauthn#binaries-signed">https://aka.ms/tmtauthn#binaries-signed</a> |
SDL Phase: | Design |