Microsoft fixes vulnerability in Azure Database for PostgreSQL Flexible Server


Researchers discovered a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server on Thursday.

In a blog post, Wiz researchers said they reported the vulnerability to Microsoft in January. Microsoft has confirmed that the issue has been fully mitigated and no action is required by Azure customers. Microsoft also added that it was not aware of any attempts to exploit this vulnerability.

Dubbed #ExtraReplica, the vulnerability allows unauthorized read access to other customers’ PostgreSQL databases, bypassing tenant isolation. Wiz researchers claim that if exploited, a malicious actor could replicate and gain read access to Azure PostgreSQL Flexible Server customer databases.

As more and more services are offered in the cloud, we are being reminded that the cloud is not only someone else’s computer, but it is also becoming someone else’s software, said Davis McCarthy, senior security researcher at Valtix.

“The Azure Database vulnerability shows us that the more trust we place in the cloud, the more likely we are to uncover new attack surfaces,” McCarthy said. “Whether it’s the baseless assumption that cloud workloads don’t need layered defense or that the cloud service provider is invulnerable, the business needs to reframe its idea of security to benefit from the scalability offered by the cloud.”

Tim Wade, Deputy CTO at Vectra, added that inevitably the risks of crossing data security boundaries in the cloud will surface.

“Fortunately, the reduced risk associated with transitioning from legacy IT infrastructure and adopting modern, resilient cloud architectures makes it a fair price to pay,” Wade said.

Maria H. Underwood