Chinks in Microsoft’s cloud security exposed

The software giant fixes the vulnerability which was found in Azure's flagship Cosmos DB database.

Last Updated: May 17, 2024, 14:11 IST

Cybersecurity company Wiz has exposed chinks in Microsoft’s cloud security, prompting the software giant to warn its cloud computing customers, including many Fortune 500 firms, that intruders could have had access to their main databases.

A Wiz research team has found that Microsoft Azure’s flagship Cosmos DB database is vulnerable to cyber-attacks. The researchers were able to access keys that control the databases of thousands of companies.

Customers like Coca-Cola, Exxon-Mobil and Citrix use Cosmos DB to manage massive amounts of data from around the world in near real-time, according to a blog post by Wiz. Cosmos DB is a simple and very flexible way to store data. It powers tasks such as processing millions of prescription transactions or managing customer orders on e-commerce sites.

Microsoft has informed its customers through emails and asked them to create new keys, since it cannot change those keys by itself. “We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” the company said, according to a media report in Reuters.

In an email sent to Wiz, the software giant said it would pay Wiz $40,000 for finding the flaw and reporting it.

The frequency of database breaches is worrying, given that more and more companies are moving to the cloud. “The culprit is usually a misconfiguration in the customer’s environment,” the blog said, adding that in this case, customers were not at fault.

Primary keys are the holy grail for attackers. They are long-lived and allow full read, write and delete access to customer data. A couple of years ago, Microsoft added a feature called Jupyter Notebook to Cosmos DB, allowing customers to visualize data. In February this year, this feature was turned on for all Cosmos DBs.

Many misconfigurations in the notebook feature opened up a new attack vector and as a result, an attacker could gain access to customers’ Cosmos DB primary keys.

The Wiz researchers further showed that an attacker can leverage these keys for full admin access to all the data stored in the affected Cosmos DB accounts. “We could then control the customer Cosmos DB directly from the internet, with full read/write/delete permissions,” they said in a blog post.

Wiz Chief Technology Officer Ami Luttwak said that even customers who have not been notified by Microsoft could have had their keys swiped by attackers. Luttwak was formerly with Microsoft’s Cloud Security Group.

A few months ago, Microsoft was breached by some suspected Russian hackers. The news agency further noted that issues with Azure are particularly troubling since Microsoft has been prompting companies to give up their infrastructure and rely on the cloud for more security.

Published: August 27, 2021, 14:34 IST