Microsoft Azure Cosmos DB Guidance

Original release date: August 27, 2021 | Last revised: August 31, 2021

CISA is aware of a misconfiguration vulnerability in Microsoft’s Azure Cosmos DB that may have exposed customer data. The misconfiguration has been fixed within the Azure cloud, and Microsoft has notified the customers who potentially would have been impacted.

CISA strongly encourages those Azure Cosmos DB customers to roll and regenerate their certificate keys and to review Microsoft’s guidance on how to Secure access to data in Azure Cosmos DB. For more information about this vulnerability, please review Microsoft’s Update on the vulnerability in the Azure Cosmos DB Jupyter Notebook Feature.

This product is provided subject to this Notification and this Privacy & Use policy.