Microsoft warned of a critical vulnerability in Cosmos DB

Critical vulnerability in Cosmos DB

Microsoft has warned thousands of Azure customers of a critical Cosmos DB vulnerability. The bug allows any user remote database management, and grants administrator rights without the need for authorization.

The problem was discovered by the research team of the cloud security company Wiz. Experts named the vulnerability ChaosDB and reported it to Microsoft on August 12, 2021. At the same time, according to the researchers, the vulnerability was hidden in the code “for at least several months, and possibly years.” Microsoft paid Wiz a $40,000 fee for this bug.

The bug allowed attackers to exploit a chain of bugs associated with the work of the open source Jupyter Notebook functionality, which is enabled by default and is designed to help clients visualize data.

Critical vulnerability in Cosmos DB

The successful operation allowed access to the credentials of other Cosmos DB users, including the primary key that enables full and unrestricted remote access to databases and Microsoft Azure customer accounts.

There is a trivial exploit for this vulnerability that does not require prior access to the target environment and affects thousands of organizations, including many Fortune 500 companies.the researchers said.

Microsoft ultimately disabled the feature within 48 hours of receiving the report and notified over 30% of Cosmos DB customers of a potential security breach.

It is worth noting that since February 2021, since all new Cosmos DB instances are created with Jupyter Notebook features enabled, Cosmos DB will automatically disable Notebook functionality if it has not been used within the first three days. This is why the number of affected Cosmos DB clients is so small, it is estimated that about 70% of clients either disabled Jupyter Notebook manually or automated it. However, according to Wiz, the actual number of affected users is likely much higher given the vulnerability has been around for a very long time.

At Microsoft’s request, researchers will have publish technical information about ChaosDB, as it could help attackers develop their own exploits, but experts promise to release a detailed white paper soon.

To mitigate risk and block potential attacks, Microsoft recommends Azure customers to recreate Cosmos DB primary keys that may have been stolen before the affected feature was disabled.

According to Microsoft, there is no evidence that attackers discovered and exploited the Chaos DB vulnerability before the Wiz experts.

Let me remind you that I also talked about the fact that Microsoft Warns of New Print Spooler Vulnerability.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

View all of Vladimir Krasnogolovy's posts.

Leave a comment

Your email address will not be published. Required fields are marked *