Summary Summary Microsoft is aware and actively addressing the impact associated with the recent OpenSSL vulnerabilities announced on October 25th 2022, fixed in version 3.0.7. As part of our standard processes, we are rolling out fixes for impacted services. Any customer action that is required will be highlighted in this blog and our associated Security Update Guides (CVE-2022-3786 Security Update Guide and CVE-2022-3602 Security Update Guide).
Month: November 2022
Generally available: Encrypt storage account with cross-tenant customer-managed keys
Azure Storage now supports customer-managed keys using a key vault on a different Azure Active Directory tenant.
General availability: Microsoft Azure Payment HSM Service
Secure your digital payment system in the cloud with Azure Payment HSM.
Generally available: Azure Databricks SQL Pro
Beginning in November, Azure Databricks customers have an additional option for SQL compute, with Azure Databricks SQL Pro, which provides enhanced performance and integration features.
Generally available: Device Update for IoT Hub
Use Device Update for IoT Hub to publish, distribute, and manage over-the-air updates for everything from tiny sensors to gateway-level devices.
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB
Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability. The bug was introduced on August 12th and fully patched worldwide …
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB Read More »
Microsoft Mitigates Vulnerability in Jupyter Notebooks for Azure Cosmos DB
Summary Summary Microsoft recently fixed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB (currently in preview) reported by Orca Security. Customers not using Jupyter Notebooks (99.8% of Azure Cosmos DB customers do NOT use Jupyter notebooks) were not susceptible to this vulnerability.
The bug was introduced on August 12th and fully patched worldwide on Oct 6th, two days after it was reported.