‘CosMiss’ vulnerability found in Microsoft Azure developer tool
Microsoft addressed a vulnerability affecting a tool used by developers within its Azure cloud computing service, according to researchers from the tech giant and cybersecurity firm Orca Security.
Both released a report on Tuesday outlining a vulnerability dubbed “CosMiss” in Jupyter Notebooks for Azure Cosmos DB — an open-source interactive developer environment allowing users to create and share documents that have live code, equations and more.
A Microsoft spokesperson said 99.8% of Azure Cosmos DB customers do not use Jupyter notebooks and are not vulnerable to this issue because the tool is currently in preview.
To exploit the bug, an attacker would need to know the session’s ‘Globally Unique Identifier’ — also known as GUID. The number is used by developers working with Microsoft technology.
Jupyter Notebooks for Azure Cosmos DB are run in the context of a temporary notebook workspace which has a maximum lifetime of one hour, a Microsoft spokesperson noted, adding that after one hour, the workspace and all data inside it — including notebooks — are automatically deleted.
“The bug was introduced on August 12th and fully patched worldwide on Oct 6th, two days after it was reported. To exploit it, an attacker would have to guess a 128-bit cryptographically random GUID of an active session and use it within an hour,” Microsoft explained.
“Microsoft conducted an investigation of log data from August 12th to Oct 6th and did not identify any brute force requests that would indicate malicious activity. No customers were impacted, and no action is required.”
If a hacker is somehow able to guess the GUID, Microsoft said the attacker would “gain read/write access to the notebooks in the victim’s workspace.”
The impact of the breach would be limited to the one-hour period when the temporary notebook workspace is active. It does not give an attacker access to other functions within the tool.
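Microsoft's statement that it reviewed log data for "brute force requests" against session GUIDs is the kind of check a defender can script. The following is an added example, not code from Microsoft, Orca Security or the article: it scans constructed access-log lines (the log format, field layout, IPs and GUIDs are all assumptions, not Azure's real logging format) and flags any source that references many distinct workspace GUIDs that do not correspond to an active workspace inside a short window, which is what guessing a 128-bit random session identifier would look like.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not Azure's real format):
# "<ISO timestamp> <source_ip> <method> /notebooks/<workspace_guid>[/...] <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) \S+ /notebooks/(?P<guid>[^/\s]+)\S* (?P<status>\d{3})$"
)

ACTIVE_WORKSPACE = "6f1c2b3a-1111-4222-8333-444455556666"  # constructed sample GUID
SAMPLE_LOG = [  # constructed sample lines; 203.0.113.9 is a legitimate user, 198.51.100.7 is guessing
    f"2022-09-01T10:00:00 203.0.113.9 GET /notebooks/{ACTIVE_WORKSPACE}/cells 200",
    "2022-09-01T10:00:30 198.51.100.7 GET /notebooks/00000000-0000-4000-8000-000000000001 404",
    "2022-09-01T10:01:00 198.51.100.7 GET /notebooks/00000000-0000-4000-8000-000000000002 404",
    "2022-09-01T10:01:30 198.51.100.7 GET /notebooks/00000000-0000-4000-8000-000000000003 404",
    "2022-09-01T10:02:00 203.0.113.9 GET /notebooks/6f1c2b3a-1111-4222-8333-444455556667/cells 404",
    "2022-09-01T10:02:30 198.51.100.7 GET /notebooks/00000000-0000-4000-8000-000000000004 404",
    "2022-09-01T10:03:00 198.51.100.7 GET /notebooks/00000000-0000-4000-8000-000000000005 404",
]

def find_guid_bruteforce(log_lines, active_workspaces, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: distinct_misses} for every source that referenced at least
    `threshold` distinct non-existent workspace GUIDs within any `window`-long period.
    A legitimate user only knows the GUID of their own active workspace, so a stream of
    different unknown GUIDs from one source is the signature of guessing, not of use."""
    misses = defaultdict(deque)   # src -> deque of (timestamp, guid) misses inside the window
    flagged = {}
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not a notebook-workspace request, ignore
        guid = m.group("guid").lower()
        if guid in active_workspaces:
            continue                      # hit on a real workspace; a single miss is a typo, not an attack
        ts = datetime.fromisoformat(m.group("ts"))
        src = m.group("src")
        q = misses[src]
        q.append((ts, guid))
        while q and ts - q[0][0] > window:   # drop misses that fell out of the sliding window
            q.popleft()
        distinct = {g for _, g in q}
        if len(distinct) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    print(find_guid_bruteforce(SAMPLE_LOG, {ACTIVE_WORKSPACE}))   # {'198.51.100.7': 5}
```

The single miss from 203.0.113.9 (a GUID one digit off its real workspace) stays below the threshold, while the five distinct unknown GUIDs from 198.51.100.7 in under three minutes are reported.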
Microsoft thanked Orca Security for discovering the bug and the security company released its own report explaining exploitation of the issue, calling it a “highly important vulnerability.”
Orca Security researchers told The Record that they checked the fix and confirmed that all users of the tool are now protected.
The researchers noted that the tool is used “extensively in Microsoft’s own e-commerce platforms and in the retail industry for storing catalog data and for event sourcing in order processing pipelines.”
Since Cosmos DB Notebooks are used by developers to create code, they can at times contain highly sensitive information such as secrets and private keys embedded in the code, Orca Security researchers explained.
“Jupyter Notebooks are built into Azure Cosmos DB, and are used by developers to perform common tasks, such as data cleaning, data exploration, data transformation, and machine learning,” the researchers said.
“This is especially risky since Cosmos DB Notebooks are used by developers to create code and often contain highly sensitive information such as secrets and private keys embedded in the code.”