Microsoft, CISA provide Azure Cosmos DB guidance in wake of vulnerability
Azure customers should make sure they’re not vulnerable.
Toward the end of August, an Azure vulnerability was exposed, one that may have existed for months, if not entire years. Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have addressed the issue (via Reuters).
In a Microsoft Security Response Center blog post, the company not only outlined the situation but also gave advice on how to ensure safety going forward:
This vulnerability only affects a subset of customers who had the Jupyter Notebook feature enabled. Notifications have been sent to all customers that could be potentially affected due to researcher activity, advising they regenerate their primary read-write key. Other keys including the secondary read-write key, primary read-only key, and secondary read-only key were not vulnerable.
CISA said the same, advising that customers regenerate certificate keys to remain protected. CISA also recommended taking a look at an Azure Cosmos DB security doc from Microsoft.
Microsoft claimed no data had been compromised as a result of the aforementioned vulnerability but still sent out notifications to potentially affected parties. The company also paid out $40,000 to the group that discovered the vulnerability.
If you want to know how much that’s worth on the scale Microsoft uses to pay out vulnerability catchers, check out how much the company has paid out to bug hunters since July 2020. You’ll notice that number, $40,000, is a lot smaller than the most one might get for discovering a vulnerability with Windows 11, though even the maximum figure for Windows 11 may not be as big as you expect.
Robert Carnevale is the News Editor for Windows Central. He’s a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.