This week, again Azure makes the news with cloud security issues. Following the linked article, Microsoft secretly installed a “management agent” on customer VMs. As if the act itself was not severe enough, the agent is reachable from the network.
And, if this does not seem bad enough, the said agent will an attacker root access when the authentication header is missing:
When working with the cloud, do your threat modelling before choosing a vendor.