Microsoft’s Azure cloud platform has exposed the databases and records of approximately 3,300 clients, including Fortune 500 enterprises. The clients had used a data-science feature that has been available on the platform since 2019. According to cloud security firm Wiz, researchers recently discovered that one of the platform's features allowed anyone to retrieve the data of other companies. In his article for Dark Reading, Robert Lemos shares insight on the incident and how Microsoft intends to tackle the situation.
Vulnerability in Jupyter Notebooks
The incident came to light when Microsoft discovered a privilege-escalation vulnerability in its Jupyter Notebooks, which is considered a popular web application among data science users. This error allowed the researchers to exploit the primary database keys of other companies, including Rolls Royce and Coca-Cola, to name a few. Wiz informed Microsoft about the debacle within three days of its occurrence. Microsoft shut down access to Jupyter Notebooks within 48 hours.
Resolving the Situation
Microsoft sent an advisory to all the customers whose data had been put at risk by Jupyter Notebooks. A May survey stated that although cloud service providers claim to be more capable of keeping their clients’ data safe and organized, a single vulnerability can put the data of thousands of companies at risk. The cloud service providers ensure the safety of clients’ data, but 60% of the users are concerned about their security when they move to cloud-native infrastructure.
Microsoft published instructions on how to secure access to Cosmos DB databases a few days ago. Wiz and Microsoft recommended that their clients manually revoke their access keys and generate new ones.
Click on the link to read the article:
https://www.darkreading.com/cloud/microsoft-azure-cloud-vulnerability-exposed-thousands-of-databases