Some vulnerabilities can fly under the radar for quite some time, some for months or even years. This is the case with a recently discovered Microsoft Azure database vulnerability. The exploit, discovered by cloud security provider Wiz, is found in Cosmos DB, Microsoft Azure’s managed database service, and it’s a real nasty one at that. Let’s dive into the details and see what we can learn from the incident.
This vulnerability, aptly titled Chaos DB, is so deeply rooted that it can grant read/write access for every single database on the service. While there is no evidence that the exploit was utilized, that’s not to say that this isn’t a huge problem. It all boils down to the way that the database handles primary keys and, once again, how Microsoft deployed default settings for one of their services.
Wiz discovered this vulnerability in the Jupyter Notebook feature of Cosmos DB. This feature was enabled automatically for all instances of Cosmos DB in February of 2021, but Wiz suspects that this particular issue could go all the way back to 2019 when Jupyter was first introduced. Basically, what happens is that a misconfiguration within Jupyter allows users to obtain the primary keys for other users of Cosmos DB. This is perhaps the worst possible outcome, as the primary key gives the holder the ability to read, write, and delete data on just about anyone’s database.
Since the primary keys do not expire, if they have been leaked to malicious threat actors, the only solution is to rotate the primary keys so that they are not useful to whoever gains access to them. If this is not done, then anyone who has obtained the primary key will have all of these escalated privileges. Wiz, on the other hand, recommends that organizations who have had Jupyter enabled on their service for any amount of time rotate their keys… you know, just to be safe.
Thankfully, Microsoft disabled the vulnerability that enabled Chaos DB promptly after it was discovered, but there is only so much that the company can do in terms of the primary keys, which customers are going to have to rotate themselves. Microsoft issued a warning to the affected customers—about a third of the service’s user base—and sent out instructions on how to mitigate the risk, so any users of this service should catch up on the state of the problem.
Again, we want to emphasize the importance of making sure that your business’ technology is configured correctly—especially when incidents like these occur. You never know when one minor setting could expose your critical data to hackers and other online threats. If you want to take the guesswork out of the equation, SRS Networks is happy to lend its support. We can assist your organization with implementing and configuring any business technology solution. To learn more, reach out to us at (831) 758-3636.