Microsoft Azure Vulnerability! Database Can Be Read, Edited, Deleted
For enterprise-level applications, normal servers do not work, as the load on servers can suddenly get immense. But cloud servers like Microsoft Cloud, Google Cloud, AWS have been specifically designed to handle such critical, heavy, workloads without any stress. Therefore every MNC prefers to use these cloud services for hosting their applications. However, according to the latest news it is being said that Microsoft Azure has been found with a critical Vulnerability. So today we’re going to discuss everything you should know about this latest cloud breach.
Where is the Vulnerability in Microsoft Azure?
- From the reports, the vulnerability has been found in
Microsoft Azure’s flagship Cosmos DB database.
Microsoft has started to warn its users about this same issue.
Who Found This Microsoft Azure Vulnerability?
- A
Research Team At Security Company Wiz
found out about this Vulnerability in Microsoft Azure systems.
- The team found that attackers can get access to the keys that give access to the database.
Also Read: FatalRat Trojan Exploiting Telegram
Is This Vulnerability Patched?
- To fix this issue, keys from every Microsoft Azure Cosmos DB client needs to be changed. However, Microsoft has sent emails to the clients for changing their keys. Microsoft alone cannot change keys for every client.
- Also, a key thing to note here is that this vulnerability has been available in a visualization tool called Jupyter Notebook. But with the new update of Cosmos DB, this flaw has been there since February of this year.
What can Attackers Do?
- If an attacker gets access to these keys, then he/she can easily read the entries of the database. Not only that but privileges of editing and deleting the database will be granted to the attacker.
Have Vulnerability Founders Rewarded?
- Yes, Microsoft has said to be paying a
Total Of $40000
to the research team who reported this flaw