Reuters: Microsoft Azure Vulnerability Leaves Remote Database Records Vulnerable

Microsoft reportedly issued a warning to thousands of Azure customers that attackers might be able to read, alter or remove critical database records stored on its cloud-based servers. According to Reuters, this vulnerability could affect “some of the world’s largest companies.”

Per the news outlet, security company Wiz uncovered access to Azure “access keys” that could provide access to the databases; according to reports, no content has yet been exploited.

Microsoft, which Reuters noted cannot change the affected keys, sent an email to its customers last week requesting that they establish new ones.

“We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” Microsoft told Reuters. Microsoft also noted to Reuters that “customers who may have been impacted received a notification from us.”

The issue, which is dubbed “ChaosDB,” was found in the Jupyter Notebook visualization tool, which Reuters noted has been “available for years” but enabled by default in Cosmos in February 2021.