Microsoft warns cloud clients of opened databases

On Thursday, Microsoft informed its cloud computing clients that intruders might have been able to read, change, or delete their primary databases. According to a cybersecurity researcher and a copy of the email, those clients include some of the world’s largest companies.

The vulnerability is in Azure’s database service. A research team at Wiz, a security company, discovered that it could access the keys that control access to databases owned by thousands of companies. Because Microsoft was not able to change those keys by itself, it emailed the clients on Thursday, telling them to create new ones. According to an email it wrote to Wiz, Microsoft acknowledged paying Wiz $40,000 for finding the flaw.

Overview of the matter

Microsoft told Reuters that it fixed the issue immediately to keep its clients secure and protected. The company added that the security researchers worked hard to coordinate disclosure of the vulnerability.

Microsoft’s email to clients said that the team did not find any evidence that the flaw had been exploited. The email said there was no indication that external entities outside the researcher team accessed the main read-write key.

Ami Luttwak, a former chief technology officer at Microsoft’s Cloud Security Group, is now Chief Technology Officer at Wiz. Luttwak told Reuters that this issue was the most critical cloud vulnerability one could imagine.

Luttwak also said that his team discovered the issue, named ChaosDB, at the beginning of August and notified Microsoft.

Last week, another Exchange flaw prompted an urgent U.S. government notification requiring clients to install patches issued several months ago, because ransomware groups are now exploiting it.

Problems with Azure are especially troubling because security experts and Microsoft have pushed companies to drop their own infrastructure and rely on the cloud for more security.