Microsoft Azure Vulnerability Affects Millions
Microsoft warned that its Azure cloud computing platform had a vulnerability that potentially exposed data to hackers for years.
Microsoft Warns of Azure Vulnerability
Microsoft Azure is big business. It generates about 120,000 new subscriptions per month. Azure Active Directory currently hosts around three quarters of a million users. And 85% of Fortune 500 companies use Azure for their cloud computing needs. We are talking about brands such as Coca-Cola, IBM, Gartner, Liberty Mutual Insurance, ExxonMobil, Walgreens, and Salesforce.com.
So it must have been quite a shock for the IT departments in some of these companies to wake up to a warning from Microsoft a few days ago that its Azure cloud computing platform had a vulnerability that had potentially been exposing their data to hackers for the past two years.
A recent blog post by Wiz outlined the flaw in Microsoft’s Azure Cosmos DB database that provided attackers with unrestricted access. A new visualization feature introduced in 2019 inadvertently opened that door. To make matters worse, that same feature was turned on by default after a Microsoft update at the beginning of 2021.
What is the Microsoft Azure vulnerability?
Researchers at Wiz warned that this is a very serious cloud vulnerability impacting the central database of Azure. Intruders can use it to swiftly obtain customer databases. Once the findings were published, Microsoft was quick to run interference on the breaking news. It claims there is no evidence that the vulnerability led to any illicit data access or exploitation by malicious actors.
But that doesn’t mean the bad guys haven’t been using it. It simply means the company has failed to uncover concrete examples of unauthorized access during its ongoing investigations. There may be more revelations to come as investigators dig deeper, and the impacted companies check their own logs and systems.
Already in the Wild
The vulnerability has been in the wild for two years. And widespread news of it has been out there for about a month. Even though the faulty feature update has now been fixed and that route of entry has been disabled, there is still plenty of room for cyber-mischief.
It is a well-known fact that criminals find the most success by exploiting well-publicized security holes. For a variety of reasons, companies fail to take effective remedial action in a timely manner despite being warned about such issues. In some cases, they let high-priority security patches go undeployed for months. The reasons behind this range from overwork, cumbersome testing processes, and manual patching to, in some cases, neglect.
In the case of this Azure problem, the companies impacted by the exploit are still required to manually change their primary access keys to mitigate exposure. The sad fact is that many won’t.
There is also the fact that if cybercriminals managed to gain entry before Microsoft fixed the problem, they could easily have installed other malware or backdoors to enable them to continue their nefarious actions.
What’s the Solution?
- Companies must take the remedial action required by Microsoft, such as changing their access keys.
- All patches, especially high-priority patches, must be deployed and verified to be in place.
- Vulnerability scans must immediately be conducted to determine if there is any anomalous behavior, unusual patterns, or other evidence of the presence of malware.
- Anything found must be investigated and remedied rapidly.
In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution. It also offers a way to consolidate IT management, vulnerability scanning, and patch management into one integrated suite.