Microsoft shares guidance on securing Azure Cosmos DB accounts
2021-08-30 12:09

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed critical Cosmos DB vulnerability, which gave attackers full admin rights to users' data without authorization.

To mitigate the risk and block attackers who might've stolen your Cosmos DB primary read-write keys before the vulnerable feature was disabled, Microsoft advises regenerating the Cosmos DB keys.
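One way to carry out that key regeneration without cutting off running applications, as an added example that is not taken from Microsoft's guidance or the article. It uses the Azure CLI commands `az cosmosdb keys list` and `az cosmosdb keys regenerate`, and assumes applications currently authenticate with the primary read-write key; the function names and the `prepare`/`revoke` phases are illustrative.

```shell
# Added example: two-phase rotation of the Cosmos DB read-write keys.
# Assumes an authenticated Azure CLI session and that applications currently
# use the PRIMARY read-write key (assumption, not stated in the article).

# Print a SHA-256 fingerprint of one account key so the key is never echoed.
key_fingerprint() {  # args: ACCOUNT RESOURCE_GROUP KEY_PROPERTY
  local key
  key=$(az cosmosdb keys list --name "$1" --resource-group "$2" \
        --type keys --query "$3" --output tsv) || return 1
  [ -n "$key" ] || return 1
  printf '%s' "$key" | sha256sum | cut -d' ' -f1
}

# Regenerate one key and confirm that its value actually changed.
regenerate_and_verify() {  # args: ACCOUNT RESOURCE_GROUP KEY_KIND KEY_PROPERTY
  local before after
  before=$(key_fingerprint "$1" "$2" "$4") || return 1
  az cosmosdb keys regenerate --name "$1" --resource-group "$2" \
     --key-kind "$3" --output none || return 1
  after=$(key_fingerprint "$1" "$2" "$4") || return 1
  if [ "$before" = "$after" ]; then
    echo "ERROR: $3 key is unchanged after regenerate" >&2
    return 1
  fi
  echo "$3 key rotated, new fingerprint $(printf '%s' "$after" | cut -c1-8)..."
}

# prepare: issue a fresh secondary key, then move applications onto it.
# revoke : once nothing uses the primary key, regenerate it so that any
#          copy obtained earlier stops working.
rotate_key() {  # args: ACCOUNT RESOURCE_GROUP prepare|revoke
  case "$3" in
    prepare) regenerate_and_verify "$1" "$2" secondary secondaryMasterKey ;;
    revoke)  regenerate_and_verify "$1" "$2" primary   primaryMasterKey ;;
    *) echo "usage: rotate_key ACCOUNT RESOURCE_GROUP prepare|revoke" >&2
       return 2 ;;
  esac
}

# Usage (placeholder names):
#   rotate_key my-account my-resource-group prepare
#   ...switch applications to the secondary key, confirm they work...
#   rotate_key my-account my-resource-group revoke
```

The same two phases apply to the read-only pair with `--key-kind primaryReadonly` and `secondaryReadonly`.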

All Azure Cosmos DB customers use a combination of firewall rules, vNet, and/or Azure Private Link on their account.

Role-based access control (RBAC) allows per-user and per-security-principal access control to Azure Cosmos DB, and those identities can be audited in Azure Cosmos DB's diagnostic logs.

Microsoft also added that it's including additional safeguards and monitoring to detect future attempts to gain access to its customers' Cosmos DB accounts without authorization.

The US Cybersecurity and Infrastructure Security Agency has also urged Azure Cosmos DB customers to rotate their keys and check Microsoft's guidance on how to Secure access to data in Azure Cosmos DB. "Although the misconfiguration appears to have been fixed within the Azure cloud, CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate keys," the cybersecurity agency said.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-guidance-on-securing-azure-cosmos-db-accounts/
