Researchers reveal now fixed hole in Microsoft’s Azure Cosmos DB security

Microsoft has warned Azure customers in a vulnerability in its Cosmos DB cloud database software after a security company found that they could access information from “thousands of companies,” according to Reuters. The security company, Wiz, found that by exploiting a flaw in Jupyter Notebook, an open source project that allows document and code sharing via a web browser. Jupyter Notebook has been around for years, but has been enabled by default for Azure Cosmos DB customers.

There has been “no evidence that the flaw has been exploited,” but researchers at Wiz were able to gain access to encryption keys that then allowed them access to Cosmos DB databases. Microsoft says it “fixed the issue immediately,” and notified customers via email that although the vulnerability is fixed, they would need to change their access keys.

Microsoft has had its share of problems with cybersecurity as ransomware and other attacks on software vulnerabilities are becoming more and more common. This week, tech CEOs met at the White House to discuss cybersecurity with US President Biden, where Microsoft pledged $20 billion to advance its security solutions over the next five years.