
Vulnerabilities Found Inside Azure-Linked Managed Database Service

by | Oct 4, 2021 | Cloud, MyTek Blog


Did you know that some threats can remain undiscovered for months, or even years? Unfortunately, this happened with the Microsoft Azure database. This exploit was discovered by the cloud service provider Wiz. Let’s take a look at the Azure exploit and what they found out about it.

This vulnerability is called ChaosDB, and it is capable of providing read and write access to any database on the service, meaning someone else can read, write, delete and access your items. At this time there is no evidence that the exploit was used by attackers or hackers, but it is still a major issue that you should be aware of. This vulnerability was a result of Microsoft deploying its default settings for one of its services.

This service was Jupyter Notebook, a feature found in Cosmos DB. Wiz realized this feature was enabled automatically for Cosmos DB in February 2021, but the issue could have gone back as far as 2019, when Jupyter was first made a feature. Because of a misconfigured setting, Jupyter allows users to take the primary keys of other users. These primary keys give the key holder the ability to write, read and delete data on the key owner's database, which is absolutely not what we want to happen.

Primary keys are important credentials that do not expire. If a hacker were to get ahold of your keys, the only solution would be to rotate them out so they are no longer useful. If this doesn’t happen, anyone with your keys can gain privileges to your database. Wiz recommends that anyone who has Jupyter rotate their keys, even if you haven’t been using it for very long.

Microsoft has now taken action to make sure the ChaosDB vulnerability cannot be exploited, but it is still important to rotate your primary keys so you cannot be affected. Microsoft has issued a warning to all customers who were affected, with instructions on how to limit the vulnerability.
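The key rotation recommended above can be done without downtime by regenerating the keys in two phases. This is an added example, not code from the original post, Wiz, or Microsoft; it assumes your applications currently use the primary keys, and the function names and the `DRY_RUN` switch are hypothetical. It also covers the read-only keys, which the post does not mention.

```bash
#!/usr/bin/env bash
# Added example: two-phase rotation of Cosmos DB account keys with the Azure CLI.
# Assumption: clients currently authenticate with the *primary* keys.
# Function names and DRY_RUN are illustrative, not part of any Azure tooling.

# Print the command when DRY_RUN=1 (the default); execute it when DRY_RUN=0.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# regen <account> <resource-group> <key-kind>
regen() {
  run az cosmosdb keys regenerate \
    --name "$1" --resource-group "$2" --key-kind "$3"
}

# Phase 1: regenerate the keys no client is using, so nothing breaks.
# Afterwards, switch every client to the new secondary keys and verify.
rotate_standby() {
  regen "$1" "$2" secondary && regen "$1" "$2" secondaryReadonly
}

# Phase 2: run only once all clients use the secondary keys.
# This invalidates the old primary keys, including any copy that leaked.
rotate_active() {
  regen "$1" "$2" primary && regen "$1" "$2" primaryReadonly
}

# Usage: ./rotate.sh standby <account> <resource-group>
#        ./rotate.sh active  <account> <resource-group>
case "${1:-}" in
  standby) rotate_standby "$2" "$3" ;;
  active)  rotate_active "$2" "$3" ;;
esac
```

Run it first with the default `DRY_RUN=1` to review the commands, then with `DRY_RUN=0` to apply them. An exposed key stays valid until phase 2 completes, so do not leave a long gap between the phases.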

You should always be taking action to upkeep your business’ security. At MyTek, we can help you always stay in the know on subjects like these. Give us a call today at 623-312-2444 to learn more about the Azure exploit and how to prevent further exploitations.

ABOUT THE AUTHOR

Tim Tiller, LMSW

 
Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.
