Microsoft warns Azure customers of critical Cosmos DB vulnerability

Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization.
"Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key," the company told customers.
Successful exploitation enabled attackers to access other users' Cosmos DB credentials, including their primary key, which provided complete and unrestricted remote access to Microsoft Azure customers' databases and accounts.
According to the Wiz research team, the actual number of impacted customers is likely a lot larger as it probably includes most Cosmos DB customers, given that the ChaosDB vulnerability was present and could've been exploited for months before their disclosure.
To mitigate the risk and block potential attacks, Microsoft advises Azure customers to regenerate the Cosmos DB Primary Keys that could've been stolen before the vulnerable feature was disabled.
If you are using the Azure Cosmos DB Core API, consider using the Azure Cosmos DB role-based access control to authenticate your database operations with Azure Active Directory instead of primary/secondary keys.