Microsoft has warned roughly 3,000 customers of its Azure Cosmos DB product — many of them giant Fortune 500 enterprises — that the database product had a vulnerability leaving them open to cyberattacks. The vulnerability, which Microsoft says has been fixed, was exploitable for two years.
Microsoft says it doesn’t believe the flaw was exploited by cybercriminals. “We are not aware of any customer data being accessed because of this vulnerability,” Microsoft told Bloomberg News.
The flaw was discovered by Israeli cybersecurity firm Wiz, which warned Microsoft of the problem. Wiz detailed the Cosmos DB vulnerability in a blog post on its website. In a frightening account, Wiz said it was able to white-hat hack Cosmos DB and gain “complete unrestricted access to the accounts and databases of several thousand Microsoft Azure customers.”
Microsoft describes Azure Cosmos DB as “a fully managed NoSQL database for modern app development.” According to Microsoft, its appeal to large companies is that, as “a fully managed service, Azure Cosmos DB takes database administration off your hands with automatic management, updates and patching.”
Wiz said the vulnerability has been open and exploitable since 2019, when Microsoft added a feature called Jupyter Notebook, which Microsoft describes as an “open-source web application that allows you to create and share documents that contain live code, equations, visualizations, and narrative text.” Azure Cosmos DB itself was introduced in 2017.
While Microsoft says the vulnerability is no longer exploitable, it still urged Azure Cosmos DB customers to take additional precautions. Bloomberg reported that Microsoft told network admins to generate “new digital keys used to securely access those systems.”
It’s been a trying year for Microsoft and security problems. Its venerable Exchange Server was hit with a massive ransomware attack in March, and last year’s SolarWinds attack was caused, in part, by stolen Microsoft source code. More recently, Microsoft has had to issue two patches for a printer vulnerability dubbed PrintNightmare.