BackMicrosoft tells customers to change digital access keys
Security researchers from a company called Wiz had informed the technology giant that a loophole in their systems allowed hackers to access the keys that would control access to companies’ databases held in Microsoft’s Cosmos DB database
PremiumNEW DELHI : Last week, tech giant Microsoft asked many of its customers to update the access keys to their databases held in the company’s Azure cloud service. Security researchers from a company called Wiz had informed the technology giant that a loophole in their systems allowed hackers to access the keys that would control access to companies’ databases held in Microsoft’s Cosmos DB database.
In an updated blog post, the security firm also detailed ways for Microsoft’s customers to find out whether their internal systems may be affected.
“There are two main remediation steps to perform. The first is to replace the CosmosDB primary keys and the second step is to reduce network exposure of CosmosDB accounts as much as possible," the researchers said in the updated blog post. “For the key regeneration, the security teams should ask all DB owners to replace their primary keys as explained below and they can use the powershell script attached below for monitoring of the key upgrade process.
In an earlier post on 26 August, the researchers had said that the vulnerability in Microsoft’s systems could allow hackers “unrestricted access" to accounts and databases of “several thousand Microsoft Azure customers, including many Fortune 500 companies. Reuters reported that Microsoft had paid the company $40,000 for responsibly reporting the leak to the company.
“Microsoft’s Security Team deserves enormous credit for taking immediate action to address the problem. We rarely see security teams move so fast! They disabled the vulnerable notebook feature within 48 hours after we reported it. It’s still turned off for all customers pending a security redesign," the blog post from Wiz said.
Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!
