Nasty Vulnerability Found in Microsoft Azure’s Managed Database Service

Some vulnerabilities fly under the radar for months or even years. This is the case with a recently discovered Microsoft Azure database vulnerability. The vulnerability, discovered by cloud security provider Wiz, is in Cosmos DB, Microsoft Azure’s managed database service, and it’s a real nasty one at that. Let’s dive into the details and see what we can learn from the incident.

This vulnerability, aptly titled Chaos DB, is so deeply rooted that it can grant read/write access to every single database on the service. While there is no evidence that the vulnerability was exploited, this is still a huge problem. It all boils down to the way that the service handles primary keys (the account-level access keys, not the primary key of a table) and, once again, how Microsoft deployed default settings for one of their services.

Wiz discovered this vulnerability in the Jupyter Notebook feature of Cosmos DB. This feature was enabled automatically for all instances of Cosmos DB in February of 2021, but Wiz suspects that this particular issue could go all the way back to 2019 when Jupyter was first introduced. In short, a misconfiguration within Jupyter allows users to obtain the primary keys for other users of Cosmos DB. This is perhaps the worst possible outcome, as the primary key gives the holder the ability to read, write, and delete data on just about anyone’s database.

Since the primary keys do not expire, if they have been leaked to malicious threat actors, the only solution is to rotate the primary keys so that they are no longer useful to whoever obtained them. If this is not done, then anyone who has obtained the primary key will keep all of these escalated privileges. Wiz recommends that organizations that have had Jupyter enabled on their service for any amount of time rotate their keys… you know, just to be safe.

Thankfully, Microsoft disabled the vulnerable functionality behind Chaos DB promptly after it was discovered, but there is only so much that the company can do about the primary keys, which customers are going to have to rotate themselves. Microsoft issued a warning to the affected customers (about a third of the service’s user base) and sent out instructions on how to mitigate the risk, so any users of this service should catch up on the state of the problem.
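To check which accounts still carry keys that predate the exposure, here is an added example (not code from this article, Wiz or Microsoft) that flags Cosmos DB account keys generated before a cutoff date. It assumes the `keysMetadata` block returned by `az cosmosdb list`, uses constructed account names and dates, and takes the cutoff as a parameter because the article gives no date. It goes beyond the primary key discussed above by also checking the secondary key, which grants the same read/write access.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample shaped like `az cosmosdb list` output; names, dates and cutoff are made up.
SAMPLE_ACCOUNTS = json.loads("""[
  {"name": "orders-prod", "keysMetadata": {
     "primaryMasterKey":   {"generationTime": "2021-09-03T10:15:00.1234567Z"},
     "secondaryMasterKey": {"generationTime": "2020-03-11T08:00:00+00:00"}}},
  {"name": "telemetry-dev", "keysMetadata": {
     "primaryMasterKey":   {"generationTime": "2019-11-20T12:00:00+00:00"},
     "secondaryMasterKey": {"generationTime": "2019-11-20T12:00:00+00:00"}}},
  {"name": "legacy-cms"}
]""")
NO_METADATA = "<no key metadata>"

def parse_time(value):
    """Parse an ISO 8601 timestamp; return None if missing or unparseable."""
    try:
        # Drop fractional seconds (Azure can emit 7 digits) and normalise a trailing Z.
        cleaned = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
        parsed = datetime.fromisoformat(cleaned)
    except (TypeError, ValueError):
        return None
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def stale_keys(accounts, cutoff):
    """Map account name -> keys generated before `cutoff` or lacking a usable timestamp."""
    findings = {}
    for account in accounts:
        metadata = account.get("keysMetadata") or {}
        if not metadata:
            # No rotation evidence at all: fail closed and flag the account.
            findings[account["name"]] = [NO_METADATA]
            continue
        stale = []
        for key_name in sorted(metadata):
            generated = parse_time((metadata[key_name] or {}).get("generationTime"))
            if generated is None or generated < cutoff:
                stale.append(key_name)
        if stale:
            findings[account["name"]] = stale
    return findings

if __name__ == "__main__":
    cutoff = datetime(2021, 9, 1, tzinfo=timezone.utc)
    for name, keys in stale_keys(SAMPLE_ACCOUNTS, cutoff).items():
        print(f"{name}: rotate {', '.join(keys)}")
```

In the sample, `orders-prod` is still flagged even though its primary key was regenerated, because the old secondary key remains valid until it is rotated too.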

Again, we want to emphasize the importance of making sure that your business’ technology is configured correctly—especially when incidents like these occur. You never know when one minor setting could expose your critical data to hackers and other online threats. If you want to take the guesswork out of the equation, COMPANYNAME is happy to lend its support. We can assist your organization with implementing and configuring any business technology solution. To learn more, reach out to us at PHONENUMBER.
