Microsoft Azure Cloud Services Users Requested To Change Keys After Vulnerability Warning

Microsoft Azure cloud services users are now being urged by cybersecurity experts to change their digital access keys. It comes even if they are not part of the 3,300 who are affected by the massive vulnerability.

Microsoft Azure Cloud Services Users Requested To Change Keys After Vulnerability Warning

By Teejay Boris

The logo of French headquarters of American multinational technology company Microsoft, is pictured outside on March 6, 2018 in Issy-Les-Moulineaux, a Paris’ suburb.

Last Aug. 27, security experts warned that over 3,000 users of the Microsoft Azure Cosmos DB are exposed to the risk of a security breach after a massive vulnerability was discovered.about:blank

The Azure vulnerability allows anyone to have admin privileges remotely.

As per UrgentComm, the security vulnerability exposed prominent companies, such as Rolls-Royce, Coca-Cola, Siemens, Mercedes Benz, Symantec, and Citrix, among others.

After discovering it, Wiz notified Microsoft about the cloud security flaw three days after. Within 24 hours, Microsoft went on to shut down the Jupyter Notebook feature, an interactive cloud app for data science, the head of research in Wiz said.

Microsoft Azure Cloud Services Customers Urged by Cybersecurity Experts

Since then, Microsoft has already fixed the issue and urged the 3,300 affected users to change their keys.

The tech giant wrote that “though no customer data was accessed, it is recommended you regenerate your primary read-write keys.”

However, according to Reuters, cybersecurity experts are still encouraging all Microsoft Azure users to change their digital access keys even if they are not identified as part of the breach.

The security experts from Wiz who discovered the massive security flaw also issued a much broader warning to the users of Microsoft Azure. It is to note that the founder of Wiz used to be part of the in-house security team of Azure.

One of the experts that work on unraveling the significant vulnerability, Wiz Chief Technology Officer Ami Luttwak, noted that it is difficult to simply rule out that no one had used the security flaw before.

It is contrary to the claims of Microsoft that no data was breached by the flaw as it was hiding in plain sight before being discovered by Wiz.

Among the lead researchers of the security study, Sagi Tzadik, further said that hopefully what Microsoft is saying is true because “it’s terrifying.”

Microsoft Azure Customers and US Homeland Security

Meanwhile, the United States Department of Homeland Security, through its Cybersecurity and Infrastructure Security Agency, also strongly warned the users of Microsoft’s Azure cloud platform during its bulletin last Friday, Aug 27.

To be precise, the agency said that “CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key,”

Elsewhere, Microsoft released the Windows 11 preview to Azure Virtual Desktop.

Originally published at Tech times

Leave a Reply