Critical Bug Advisory: Authentication Failures

[pemari-msft]

Due to a latent bug in the CPP REST SDK, date strings are being incorrectly generated as a part of storage requests. This means that requests originating today, 31 December 2020 (UTC) will see persistent 403 errors returned from the storage service. The fix in the underlying CPP REST SDK is being released (2.10.17). Please upgrade your dependency on CPP REST SDK to 2.10.17 ASAP to mitigate this issue according to the instructions in the comment below. Bearer token authentication is not affected. The issue will also self-mitigate on 1 Jan 2021. We apologize for the inconvenience.

[vinjiang]

To apply the fix in your application,

• If you're using vcpkg to install azure-storage-cpp package, we recommend you upgrade vcpkg to latest and reinstall azure-storage-cpp and cpprestsdk. Note that this will also upgrade azure-storage-cpp to the latest version of 7.5.0.
• If you build azure-storage-cpp and cpprest from source code by yourself. You should download the latest cpprest sdk (2.10.17), build and overwrite the older version. You don't need to upgrade azure-storage-cpp package in this case.

[rhythmnewt]

Thank you for this solution. We're working on rolling out a fix in our environments.