Researchers who identified a significant hole in Microsoft Corp’s (MSFT.O) Azure cloud platform’s primary databases on Saturday advised all users, not just the 3,300 it contacted last week, to change their digital access credentials. Researchers from Wiz, a cloud security firm, revealed this month that they might have gotten their hands on the primary digital keys for most Cosmos DB database system users, allowing them to steal, edit, or destroy millions of information.
Wiz alerted Microsoft, which quickly repaired the configuration error that would have let any Cosmos user easily access other customers’ databases, then told some users to alter their keys on Thursday.
Microsoft warned customers who had set up Cosmos access during the week-long study period in a blog post on Friday. It said that it discovered no evidence that any attackers had exploited the same weakness to get access to client data.
In a bulletin sent Friday, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency used harsher wording, indicating that it was not only referring to individuals who had been alerted. In a bulletin sent Friday, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency used harsher wording, indicating that it was not only referring to individuals who had been alerted.
“CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key,” the agency said. Wiz, a company created by four former members of Azure’s internal security team, agreed.“In my estimation, it’s really hard for them, if not impossible, to completely rule out that someone used this before,” said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft, he developed tools for logging cloud security incidents.
When asked if Microsoft had full records for the two years when the Jupyter Notebook feature was misconfigured, or if it had utilized another method to rule out access abuse, Microsoft did not respond directly.
“We expanded our search beyond the researcher’s activities to look for all possible activity for current and similar events in the past,” Ross Richendrfer, a representative for the company, declined to answer any more questions. Wiz said Microsoft had collaborated closely on the study, but he wouldn’t reveal how it knew earlier customers were secure.
