On Thursday, Microsoft issued a formal warning to all its cloud customers that their databases could be compromised. According to an email from Microsoft and advice from a cybersecurity researcher, hackers could have been able to penetrate and manipulate databases. The flaw is in the Cosmos DB database of Microsoft Azure. Researchers from Wiz found that they could access keys to databases held by thousands of Microsoft cloud customers.
Since Microsoft has no authority to change those keys itself, it emailed its cloud customers asking them to replace the existing keys with new ones. Microsoft will pay Wiz $40,000 for detecting the flaw and reporting it.
Microsoft told Reuters that it took immediate steps to resolve the issue and keep its customers’ databases safe. It thanked the cybersecurity researchers for helping to detect the flaw.
Microsoft mentioned in its email that no indication had been found that the flaw was exploited by intruders, or that any external entity, apart from researchers at Wiz, had accessed the primary read-write key. According to Luttwak, the potential impact of this cloud vulnerability could have been devastating, as it was the central database of Azure, and they could get access to any customer database that they wanted. The issue was named ChaosDB and was found by Luttwak’s team on August 9. According to Luttwak, Microsoft was notified of the issue on August 12. The flaw was found in Jupyter Notebook, the visualisation tool of Cosmos DB. This tool has been enabled by default in Cosmos DB since February.
Luttwak also mentioned that customers who have not been apprised of the vulnerability by Microsoft could have their keys accessed by intruders unless the existing keys are replaced with new ones. He mentioned that Microsoft notified only those customers whose keys were visible in the current month.
The news of this vulnerability comes in the wake of other bad Microsoft security news. The company's security was earlier breached by Russian hackers who infiltrated SolarWinds and stole Microsoft source code. A large number of hackers had earlier broken into Exchange email servers while a security patch was being applied. A printer flaw that enabled computer takeovers had to be fixed repeatedly.
Last week, a US government warning was issued for an Exchange flaw. As Microsoft has been pushing companies to rely more and more on the cloud and minimise their own infrastructure, such vulnerabilities in Azure are becoming more troubling. Though cloud attacks are very rare, they can be more devastating when they occur. To add to the worry, some critical vulnerabilities are never publicised.