Microsoft Cloud Database users urged to review access codes

Cybersecurity agencies and researchers have advised Microsoft Azure cloud platform users to change their digital access codes after a flaw was found in the platform.

As first reported by Reuters, researchers at a cloud security company called Wiz have discovered that they could have gained access to the primary digital keys for most users of the Azure Cosmos DB database system, allowing them to steal, change or delete millions of records.

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users to change their keys.

In a blog post, Microsoft said it warned customers who had set up Cosmos access during the week-long research period.

It found no evidence that any attackers had used the same flaw to get into customer data, it noted.

"Our investigation shows no unauthorised access other than the researcher activity," Microsoft wrote.

"Notifications have been sent to all customers that could be potentially affected due to researcher activity," it said, perhaps referring to the chance that the technique had leaked from Wiz.

"Though no customer data was accessed, it is recommended you regenerate your primary read-write keys," it added.

The United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) used stronger language in a bulletin on Friday, making clear it was speaking not just to those notified.

"CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key," it said.

Wiz Chief Technology Officer Ami Luttwak said: "In my estimation, it's really hard for them, if not impossible, to completely rule out that someone used this before."

Microsoft did not give a direct answer when asked whether it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or whether it had used another way to rule out access abuse.

A spokesman for Microsoft, Ross Richendrfer, said: "We expanded our search beyond the researcher's activities to look for all possible activity for current and similar events in the past."

Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure that earlier customers were safe.

One of the lead researchers on the project at Wiz, Mr Sagi Tzadik, said: "It's terrifying. I really hope that no one besides us found this bug."

Wiz urged all users of Microsoft's Azure cloud platform to change their digital access keys, not just the 3,300 it notified this week. Microsoft has officially released nothing beyond the actions already reported.

