Microsoft Warns 3000 Companies Their Azure Cloud Database Is Vulnerable

Yet again, another system is failing to keep our data secure.


Recently, Microsoft sent an email to over 3000 companies saying that their Azure database is vulnerable. Companies use Microsoft Azure’s flagship Cosmos DB database to secure their data, but that doesn’t seem to be the case here. According to Reuters, this vulnerability in Microsoft Azure allowed intruders to read and write data from any of these companies. What’s more surprising is that the issue went unnoticed for 2 years.

Using this vulnerability, intruders could have the ability to read, change or even delete their main databases. Some affected organizations included Fortune 500 companies such as Coca-Cola, Skype, Bentley, Rolls-Royce, Diply, Symantec, and Zeiss.

ChaosDB vulnerability

Fortunately, the vulnerability in Microsoft Azure was discovered by a security company, Wiz. The company then dubbed this exploit “ChaosDB.” It involved a misconfiguration in the visualization tool called Jupyter Notebook. This tool was enabled by default in Microsoft Azure Cosmos DB. Using this, the security team at Wiz successfully accessed data from other Cosmos DB accounts.

Microsoft Azure Fix

The security company then reported the issue on August 12th, with Microsoft deploying a quick fix by the 14th. However, since the vulnerability was live for so long, there was a chance that someone could still have access keys. Microsoft has since notified over 30% of Cosmos DB customers that they need to change their access keys.

Wiz still believes that many more companies could be at risk as Microsoft only reached out to some Cosmos DB customers. They then recommended that all Cosmos DB customers take steps to protect their information. Changing your access keys can help mitigate the exposure.

How to change Microsoft Azure Cosmos DB access keys?

1. Navigate to your Microsoft Azure Cosmos DB account on the Azure portal.

2. Select Keys from the left menu, then select Regenerate Primacy/Secondary Key from the ellipses on the right side of your primary/secondary key.

how to reset microsoft azure keys

3. You can now validate that the new secondary key works consistently against your Azure Cosmos DB account.

Note: Key regeneration can take anywhere from one minute to multiple hours, depending on the size of the Cosmos DB account.

4. Replace your primary key with the secondary key in your application.

5. Go back to the Microsoft Azure portal and trigger the regeneration of the primary/secondary key.

fix microsoft azure vulnerability

Note: You can learn more about securing access to data in the Microsoft Azure Cosmos DB by reading this link.

Nalin Rawat

Nalin Rawat

Nalin is a tech writer who covers VR, gaming, awesome new gadgets, and the occasional trending affairs of the tech industry. He has been writing about tech and gaming since he started pursuing Journalism in college. He has also previously worked in print organizations like The Statesman and Business Standard. In his free time, he plays FPS games and explores virtual reality. Reach out to him at @NalinRawat
More From Fossbytes

Latest On Fossbytes

Find your dream job