Attend IT Limited Blog

Vulnerabilities Found Inside Azure-Linked Managed Database Service

It’s not unheard of for some threats to remain undiscovered for months or even years, as is the case with a particularly nasty one in the Microsoft Azure database system. This vulnerability, discovered by cloud security provider Wiz, affects Cosmos DB, Microsoft Azure’s managed database service. Let’s take a look at the vulnerability and see what we can learn from it.

The vulnerability is called Chaos DB and is capable of providing read and write access to just about every database on the service. No evidence indicates that it was exploited by hackers or attackers, but it is still a major problem and one that you should be aware of. The vulnerability comes about as a result of how the database handles primary keys and how Microsoft deployed its default settings for one of its services.

The service in question, Jupyter Notebook, is a feature found in Cosmos DB. Wiz found that this feature was enabled automatically for all instances of Cosmos DB in the month of February 2021, but this issue could go as far back as 2019 when Jupyter first became a feature. A misconfigured setting within Jupyter allows users to obtain the primary keys for other users of Cosmos DB. Since the primary keys give the holder the ability to read, write, and delete data on the database, it is a pretty serious issue.

Primary keys are credentials that do not expire, so if malicious entities get ahold of them, the only solution is to rotate them so that they are no longer useful to whoever stole them. If this is not done, then anyone who has obtained the primary key can potentially gain escalated privileges. Wiz recommends that all users who have Jupyter enabled on their service rotate their keys, no matter how long they have used the service.

Microsoft has since disabled the vulnerability that allowed for Chaos DB, but the company reiterated that it cannot change the primary keys itself, instead urging customers to rotate them themselves. Microsoft has also issued a warning to affected customers, who amount to about one-third of the service’s user base, along with instructions on how to limit the risks associated with this vulnerability.

Again, it is extraordinarily important that you prioritize security configurations for your business technology, as you could unknowingly be placing your business’ data or privacy at risk. To remove the guesswork, get Attend IT Limited on board to give you a hand. We can assist with any configurations your technology needs to remain secure. To learn more, reach out to us at 020 8626 4485.
