Attend IT Blog

Attend IT Limited has been serving the Brentford area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Categories
Tags
Categories:   All Categories
Suggested keywords
x

Vulnerabilities Found Inside Azure-Linked Managed Database Service

Vulnerabilities Found Inside Azure-Linked Managed Database Service

It’s not unheard of for some threats to remain undiscovered for months or even years, as is the case with a particularly nasty one in the Microsoft Azure database system. This exploit, discovered by cloud security provider Wiz, is built into Cosmos DB, Microsoft Azure’s managed database service. Let’s take a look at the exploit and see what we can learn from it.

The vulnerability is called Chaos DB and is capable of providing read and write access to just about every database on the service. No evidence indicates that the exploit was used by hackers or attackers, but it is still a major problem and one that you should be aware of. The vulnerability comes about as a result of how the database handles primary keys and how Microsoft deployed its default settings for one of their services.

The service in question, Jupyter Notebook, is a feature found in Cosmos DB. Wiz found that this feature was enabled automatically for all instances of Cosmos DB in the month of February 2021, but this issue could go as far back as 2019 when Jupyter first became a feature. A misconfigured setting within Jupyter allows users to obtain the primary keys for other users of Cosmos DB. Since the primary keys give the holder the ability to read, write, and delete data on the database, it is a pretty serious issue.

Primary keys are credentials that do not expire, so if malicious entities get ahold of them, the only solution is to rotate them so that they are no longer useful to whoever steals them. If this is not done, then anyone who has obtained the primary key can potentially gain escalated privileges. Wiz recommends that all users who have Jupyter enabled on their service rotate their keys, no matter how long or short they have used the service for.

Microsoft has since disabled the vulnerability that allowed for Chaos DB, but the company doubled down on the fact that it cannot change the primary keys, instead urging customers to rotate them themselves. Microsoft has also issued a warning to affected customers, which amount to about one-third of the service’s user base, along with instructions on how to limit the risks associated with this vulnerability.

Again, it is extraordinarily important that you prioritize security configurations for your business technology, as you could unknowingly be placing your business’ data or privacy at risk. To remove the guesswork, get Attend IT Limited on board to give you a hand. We can assist with any configurations your technology needs to remain secure. To learn more, reach out to us at 020 8626 4485.

Tags:
Microsoft Cybersecurity Cloud Computing
Here Is Exactly Why Data Redundancy Is Important
Is Your Business Following These Essential Best Pr...

About the author

Adam Shailes

Adam Shailes

Attend IT Limited has been serving the Brentford area since 2003, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Author's recent posts

More posts from author
 

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Technology Security Business Computing Best Practices Productivity Business Cloud Network Security Tip of the Week Data Software Managed IT Services Hackers IT Support Data Backup Data Recovery IT Services Innovation Privacy Hosted Solutions Disaster Recovery Backup communications Efficiency VoIP Small Business Hardware Malware Computer Cybersecurity Saving Money Email Mobile Devices Internet Phishing Collaboration Business Continuity Outsourced IT Cloud Computing Workplace Strategy User Tips Business Management Upgrade Microsoft Users Quick Tips Ransomware BDR Automation Information Technology Productivity Workplace Tips Compliance Smartphones Training Internet of Things Gadgets Smartphone IT Support Server Communication Remote Passwords Artificial Intelligence Current Events Risk Management Wi-Fi Mobile Device Employee-Employer Relationship Social Media BYOD Mobile Device Management Managed Service Provider Network Managed IT Mobility Managed IT services Budget Android Spam Meetings Covid-19 Google Save Money Wireless Password Networking Human Resources Microsoft Office Avoiding Downtime Document Management Office Printing Information Managed Service Printers Windows 7 Remote Workers AI VPN Remote Computing Chrome History Hosted Solution Windows Router Instant Messaging Encryption Firewall Content Filtering Computers Data Management Cost Management Windows 10 Project Management MSP Tech Term Monitoring Virtual Private Network Help Desk Time Management Remote Work Video Conferencing Laptop Marketing Recovery Telephone Systems Government End of Support Facebook Hacker Personal Information Hard Drives Solid State Drive Virtualization Battery Automobile Telephony Big Data Two-factor Authentication Audit Employer-Employee Relationship Value Saving Time Data Breach Data Storage Data Security Mobile Software as a Service Conferencing Redundancy Maintenance Devices Proactive Computing Wireless Internet Hybrid Cloud Business Technology IT Service Machine Learning Paperless Office Backup and Disaster Recovery Voice over Internet Protocol Mobile Office Manufacturing Customer Relationship Management Printer Managed Services Mobile Computing Proactive IT Social Engineering Transportation Going Green Browser Miscellaneous Applications Private Cloud Operating System iPhone Health Money Administration Colocation Windows 10 Advertising PDF Apps Legal Wireless Technology Flexibility Update Cybercrime Black Market Shadow IT Disaster Education Application Save Time Work/Life Balance Office 365 Antivirus Holiday Entertainment HIPAA Phone System Analytics Electronic Medical Records Cleaning Hacking Smart Technology Vendor Management Samsung Company Culture App SaaS Upgrades Vulnerability The Internet of Things Dark Web Nanotechnology OneNote Business Intelligence Managed IT Service Data Protection Commerce Regulation Professional Services Travel Word Apple User Error Data Loss File Sharing Storage Lifestyle Evernote Workers Spyware intranet Blockchain IoT Analysis Chromebook Smart Tech Connectivity Streaming Media Content Filter Management Financial Technology Gamification Students Unified Communications Remote Monitoring Wasting Money Amazon Virtual Assistant Alexa for Business WPA3 File Storage Bandwidth Vendor Telephone Utility Computing Payroll SMB Downtime E-Commerce Payment Cards Break/Fix e-waste Employees Smartwatch Development Azure Active Directory Windows Server Cybersecurty Window 10 Online Storage Fiber Optics Windows Server 2008 Copiers Voiceover Internet Protocol Business Telephone Computer Repair Troubleshooting CRM Workstations Outsource IT PCI DSS Regulations Compliance Cost Remote Working Leadership Bitcoin Finance Infrastructure Videoconferencing Streaming Customer Service Copier Authentication Hiring/Firing RMM Windows 11 Cabling Going Paperless Inventory Management Employer/Employee Relationships Outsourcing How To Microsoft Outlook Files Regulations Paperless Solutions Microsoft 365 Strategy Consulting Decision Making Ergonomics Signage Customer Experience Physical Security Robot Google Drive Alert Law Enforcement Reputation Social Relocation Search Internet Exlporer Text Messaging Office Tips HaaS Video Games Scalability Humor How To Best Practice USB Virtual Reality Managing Stress Point of Sale Identity Theft Worker Commute Politics Experience Music Books Safety Emergency Worker Scam Computer Accessories Charger Computer Care Unsupported Software Television Business Strategy WiFi Unified Threat Management Consultant Touchscreen Emails Webinar IT solutions Windows 10s Hard Disk Drive iOS Computer Fan Root Cause Analysis Augmented Reality CrashOverride Settings Screen Mirroring Cast HBO IT Management IT Solutions WIndows Server 2008 Patch Management Outlook Shortcut Excel Sync Adobe Licensing Tablets NFL Windows Ink Google Maps Google Docs Microsoft Excel Sports Cortana Legislation Comparison Specifications Sales Retail Gifts Credit Cards FAQ Wireless Charging WannaCry Updates Microsoft Word eWaste Device Security Tech Support Fraud Edge Ciminal IT budget Identities Language Virus Websites Data Theft App store Mobile Security Identity Data Privacy Hard Drive Google Assistant Twitter Computer Forensics Gmail PowerPoint Memory Financial Bring Your Own Device Testing Camera Projects Display Co-Managed Services Hyperlink Wasting Time Accessory Peripheral Access Control Admin Keyboard Shortcuts Security Cameras Employee 5G Medical IT YouTube OneDrive Sabotage PC Server Maintenance Investment ROI Windows Server 2008 R2 Micrsosoft Digital Signage Processor Benchmarks Myths Threats Scams Managed Services Provider Facebook Privacy eCommerce Holidays Inventory Communitications Hosted Desktop Smart Devices Keyboard Net Neutrality Internet Service Provider Workstation Telework Audits Solutions Policy Procedure Organization Innovations Reviews Biometrics Computer Tips Work Windows 8.1 Voice Supply Chain Environment Workplace Strategies Print Management Healthcare SSD Remote Management Telephone System Print Database 2FA Virtual Desktop Proactive Management eSignature Cyberattack Cameras Digital Cameras Mixed Reality Displays Stories

Blog Archive