Microsoft Warns 3000 Companies Their Azure Cloud Database Is Vulnerable

Yet again, another system is failing to keep our data secure.

Share on twitter
Share on whatsapp
Share on facebook

Recently, Microsoft sent an email to over 3000 companies saying that their Azure database is vulnerable. Companies use Microsoft Azure’s flagship Cosmos DB database to secure their data, but that doesn’t seem to be the case here. According to Reuters, this vulnerability in Microsoft Azure allowed intruders to read and write data from any of these companies. What’s more surprising is that the issue went unnoticed for 2 years.

Using this vulnerability, intruders could have the ability to read, change or even delete their main databases. Some affected organizations included Fortune 500 companies such as Coca-Cola, Skype, Bentley, Rolls-Royce, Diply, Symantec, and Zeiss.

ChaosDB vulnerability

Fortunately, the vulnerability in Microsoft Azure was discovered by a security company, Wiz. The company then dubbed this exploit “ChaosDB.” It involved a misconfiguration in the visualization tool called Jupyter Notebook. This tool was enabled by default in Microsoft Azure Cosmos DB. Using this, the security team at Wiz successfully accessed data from other Cosmos DB accounts.

Microsoft Azure Fix

The security company then reported the issue on August 12th, with Microsoft deploying a quick fix by the 14th. However, since the vulnerability was live for so long, there was a chance that someone could still have access keys. Microsoft has since notified over 30% of Cosmos DB customers that they need to change their access keys.

Wiz still believes that many more companies could be at risk as Microsoft only reached out to some Cosmos DB customers. They then recommended that all Cosmos DB customers take steps to protect their information. Changing your access keys can help mitigate the exposure.

How to change Microsoft Azure Cosmos DB access keys?

1. Navigate to your Microsoft Azure Cosmos DB account on the Azure portal.

2. Select Keys from the left menu, then select Regenerate Primacy/Secondary Key from the ellipses on the right side of your primary/secondary key.

how to reset microsoft azure keys

3. You can now validate that the new secondary key works consistently against your Azure Cosmos DB account.

Note: Key regeneration can take anywhere from one minute to multiple hours, depending on the size of the Cosmos DB account.

4. Replace your primary key with the secondary key in your application.

5. Go back to the Microsoft Azure portal and trigger the regeneration of the primary/secondary key.

fix microsoft azure vulnerability

Note: You can learn more about securing access to data in the Microsoft Azure Cosmos DB by reading this link.

Nalin Rawat

Nalin Rawat

Just a big nerd for everything pop culture and geeky. Pretty much in love with movies, comics, games, and awesome new gadgets.

New on Fossbytes

Scroll to Top