Microsoft announces cloud database vulnerability

Microsoft has told thousands of its cloud computing customers about a database security flaw.

The statement, originally reported by Reuters, said that third parties could read, change, or even delete businesses’ main databases.

The vulnerability was discovered in Microsoft Azure’s Cosmos database product by Ami Luttwak, chief technology officer at Israeli cybersecurity group Wiz.

Luttwak was previously chief technology officer at Microsoft’s cloud security division.
In the email, Microsoft told users to change their security keys, as Microsoft is unable to do this itself.

According to Microsoft, Cosmos is used by a significant number of large corporations worldwide, including Coca-Cola, Exxon Mobil, and Citrix.

The software giant is set to pay Wiz $40,000 for identifying and reporting the vulnerability.
Microsoft’s email as reported by Reuters said there was “no indication that external entities outside the researcher (Wiz) had access to the primary read-write key.”

Wiz said the vulnerability stemmed from a feature called Jupyter Notebook, added to Cosmos DB in 2019, that allows customers to visualise their data and create customised views.

Jupyter Notebook was automatically turned on for all Cosmos DBs in February 2021.

The news comes after a Microsoft vulnerability was exploited in the SolarWinds cyberattack in December 2020, which impacted over 200 organisations worldwide.
