Microsoft Warns Cloud Customers of Exposed Databases
Yesterday, Microsoft warned thousands of its cloud computing customers that intruders could have the ability to read, change or even delete their main databases. The vulnerability is in Microsoft Azure’s flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. The flaw was in a visualization tool called Jupyter Notebook, which was enabled by default in Cosmos beginning in February.
Microsoft partners with security researchers working under coordinated vulnerability disclosure agreements, who look for vulnerabilities and flaws in an effort to keep its customers as safe as possible. Any research team that discovers a security flaw in Microsoft's products is rewarded financially by Microsoft.
Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft did not indicate that any external entities other than the researcher (Wiz) had access to the primary read-write key, meaning there has been no evidence of the vulnerability leading to illicit data access.
As of now, there is no need to panic. Microsoft is aware of the flaw and has taken action to fix it. What steps will Microsoft take next to ensure its Microsoft Azure cloud product becomes more secure? Stay tuned. We will keep you updated on our blog.
2W Tech is a technology service provider specializing in solutions for the manufacturing industry. We are a Microsoft Gold Partner and have IT consultants on staff who are available to speak with you if you have questions regarding Microsoft Azure and this security flaw.