Researchers reveal now fixed hole in Microsoft’s Azure Cosmos DB security

Reading time icon 1 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Microsoft has warned Azure customers in a vulnerability in its Cosmos DB cloud database software after a security company found that they could access information from “thousands of companies,” according to Reuters. The security company, Wiz, found that by exploiting a flaw in Jupyter Notebook, an open source project that allows document and code sharing via a web browser. Jupyter Notebook has been around for years, but has been enabled by default for Azure Cosmos DB customers.

There has been “no evidence that the flaw has been exploited,” but researchers at Wiz were able to gain access to encryption keys that then allowed them access to Cosmos DB databases. Microsoft says it “fixed the issue immediately,” and notified customers via email that although the vulnerability is fixed, they would need to change their access keys.

Microsoft has had its share of problems with cybersecurity as ransomware and other attacks on software vulnerabilities are becoming more and more common. This week, tech CEOs met at the White House to discuss cybersecurity with US President Biden, where Microsoft pledged $20 billion to advance its security solutions over the next five years.