Microsoft has issued security recommendations for Azure Cosmos DB accounts after the discovery of a critical vulnerability in the service.
The vulnerability, known as **ChaosDB**, affects Microsoft Azure Cosmos DB, a globally distributed NoSQL database service used by a number of prominent clients, including Exxon-Mobil, Mercedes-Benz, and Coca-Cola.
Cloud security firm Wiz uncovered the bug in the service's Jupyter Notebook feature. A threat actor able to exploit the vulnerability could obtain Cosmos DB customers' primary read-write keys, allowing them to remotely take over those customers' databases.
After the bug was discovered, Microsoft says it sent warnings about the potential vulnerability to over 30% of Cosmos DB customers on August 26.
According to Wiz, the actual number of affected customers could be much higher than 30%: most Cosmos DB customers were likely exposed, since ChaosDB had been present, and may have been exploited, for months before its discovery.
To further secure Azure Cosmos DB accounts, Microsoft has the following recommendations:
- All Azure Cosmos DB customers use a combination of firewall rules, VNet and/or Azure Private Link on their account. These network protection mechanisms prevent access from outside your network and unexpected locations.
- In addition to implementing network security controls, we encourage the use of Role Based Access Control. Role Based Access Control allows per user and security principal access control to Azure Cosmos DB; those identities can be audited in Azure Cosmos DB's diagnostic logs.
- If you cannot use Role Based Access Control, we recommend implementing regularly scheduled key rotations.
- You can find additional security best practices in the Azure Cosmos DB security baseline documentation.
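The recommendations above, applied as an added Bicep example (not from the article or from Microsoft's documentation): an account with the IP firewall and VNet filter enabled, key-based authentication switched off so a leaked primary key grants nothing, and one least-privilege RBAC data-plane assignment. The account name, CIDR range, subnet ID and principal ID are placeholders.

```bicep
// Added example, not from the article: a Cosmos DB account configured per the
// recommendations above. Name, CIDR, subnet ID and principal ID are placeholders.
param accountName string = 'contoso-cosmos-example' // placeholder name
param location string = resourceGroup().location
param allowedSubnetId string   // resource ID of the app subnet (placeholder)
param allowedIpRange string = '203.0.113.0/24' // office egress range (placeholder, TEST-NET-3)
param appPrincipalId string    // object ID of the workload identity (placeholder)

resource account 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' = {
  name: accountName
  location: location
  kind: 'GlobalDocumentDB'
  properties: {
    databaseAccountOfferType: 'Standard'
    locations: [
      { locationName: location, failoverPriority: 0, isZoneRedundant: false }
    ]
    // Network controls. A default account has no IP or VNet rules, so any
    // holder of a key can connect from anywhere. Here only the listed subnet
    // and range may reach the endpoint. For a Private Link-only design, set
    // publicNetworkAccess to 'Disabled' and attach a private endpoint instead.
    publicNetworkAccess: 'Enabled'
    isVirtualNetworkFilterEnabled: true
    virtualNetworkRules: [
      { id: allowedSubnetId, ignoreMissingVNetServiceEndpoint: false }
    ]
    ipRules: [
      { ipAddressOrRange: allowedIpRange }
    ]
    // Identity controls. disableLocalAuth switches off primary/secondary key
    // authentication, so a leaked key grants nothing; clients must instead use
    // Azure AD identities with Cosmos DB RBAC, which appear in diagnostic logs.
    disableLocalAuth: true
    disableKeyBasedMetadataWriteAccess: true
  }
}

// Least-privilege data-plane grant using the built-in
// "Cosmos DB Built-in Data Contributor" role (fixed ID ...0002; ...0001 is read-only).
resource dataAccess 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2023-04-15' = {
  parent: account
  name: guid(account.id, appPrincipalId, 'data-contributor')
  properties: {
    roleDefinitionId: '${account.id}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000002'
    principalId: appPrincipalId
    scope: account.id
  }
}
```

If key-based authentication must remain enabled (disableLocalAuth set to false), the fallback recommendation is a scheduled rotation, for example `az cosmosdb keys regenerate --name <account> --resource-group <rg> --key-kind primary`, alternating primary and secondary so clients can be re-pointed without downtime.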
For more information, view the original story from Bleeping Computer.