Did you know that some threats can remain undiscovered for months, or even years? Unfortunately, this happened with the Microsoft Azure database. This exploit was discovered by the cloud service provider Wiz. Let’s take a look at the Azure exploit and what they found out about it.
This vulnerability is called ChaosDB, and it can provide read and write access to any database on the service, meaning someone else can read, write, delete and access your items. At this time there is no evidence that the exploit was used by attackers or hackers, but it is still a major issue that you should be aware of. This vulnerability was a result of Microsoft deploying its default settings for one of its services.
This service was Jupyter Notebook, a feature found in Cosmos DB. Wiz realized this feature was enabled automatically for Cosmos DB in February 2021, but the issue could have gone back as far as 2019, when Jupyter was first made a feature. Because of a misconfigured setting, Jupyter allowed users to take the primary keys of other users. These primary keys give the key holder the ability to write, read and delete data on that user's database, which is absolutely not what we want to happen.
Primary keys are important credentials that do not expire. If a hacker were to get ahold of your keys, the only solution would be to rotate them out so they are no longer useful. If this doesn’t happen, anyone with your keys can gain privileges to your database. Wiz recommends that anyone who has Jupyter rotate their keys, even if you haven’t been using it for very long.
Microsoft has now taken action to make sure the ChaosDB vulnerability can no longer be exploited, but it is still important to rotate your primary keys so you cannot be affected. Microsoft has issued a warning to all customers who were affected with instructions on how to limit the vulnerability.
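One way to carry out the key rotation recommended above without locking out your own applications, shown as an added example that is not part of the original post or Microsoft's instructions. It assumes the Azure CLI is installed and that your applications currently use the primary keys; the account and resource group names are placeholders, and by default the script only prints the commands it would run.

```bash
#!/usr/bin/env bash
# Added example: staged rotation of all four Cosmos DB account keys.
# ACCOUNT and RG are placeholders; replace them with your own values.
# DRY_RUN=1 (the default) prints the az commands instead of running them.
ACCOUNT="${ACCOUNT:-example-cosmos-account}"
RG="${RG:-example-resource-group}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Regenerate one key kind: primary, primaryReadonly, secondary or secondaryReadonly.
regen() {
  run az cosmosdb keys regenerate \
    --name "$ACCOUNT" --resource-group "$RG" --key-kind "$1"
}

rotate_plan() {
  # Step 1: replace the secondary keys while clients still use the primary keys.
  regen secondary
  regen secondaryReadonly

  # Step 2: manual step. Move every client to the new secondary keys
  # before continuing, otherwise step 3 cuts them off.
  if [ "$DRY_RUN" != "1" ]; then
    printf 'Clients switched to the secondary keys? Press Enter to continue: ' >&2
    read -r reply
  fi

  # Step 3: replace the primary keys; any copy taken earlier stops working.
  regen primary
  regen primaryReadonly
}

rotate_plan
```

After step 3, `az cosmosdb keys list --name "$ACCOUNT" --resource-group "$RG" --type keys` shows the new values, and clients can be moved back to the primary keys if you prefer.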
You should always be taking action to maintain your business’s security. At MyTek, we can help you always stay in the know on subjects like these. Give us a call today at 623-312-2444 to learn more about the Azure exploit and how to prevent further exploitation.