Microsoft warns thousands of cloud clients about database exposure

Microsoft is warning thousands of its cloud computing clients that hackers could read, alter or delete their databases because of a vulnerability, according to an Aug. 26 CNBC report.

Seven things to know:

  1. The vulnerability is on Microsoft Azure's Cosmos database. A security team at Wiz uncovered that a hacker could access keys that control access to the databases used by thousands of companies.

  2. Microsoft cannot change the keys itself and emailed its clients Aug. 26, telling them to create new keys. Microsoft paid Wiz $40,00 for finding the flaw and reporting it, according to an email Wiz shared with CNBC.

  3. Microsoft told its clients in an email that the vulnerability has been fixed, and there is no evidence indicating the flaw was exploited.

  4. Ami Luttwak is the chief technology officer at Wiz and the former chief technology officer at Microsoft's Cloud Security Group.

  5. "This is the worst cloud vulnerability you can imagine. It is a long-lasting secret," Mr. Luttwak said. "This is the central database of Azure, and we were able to get access to any customer database that we wanted."

  6. Wiz uncovered the flaws Aug. 9 and notified Microsoft on Aug. 12.

  7. Microsoft has been connected to several cybersecurity flaws in the last few months. More than a thousand web apps that use Microsoft's Power Apps portal service exposed 38 million records. A Windows print service flaw gave remote users access to execute code on client's computer systems. Microsoft told its customers to refrain from printing until the vulnerability was fixed.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Articles We Think You'll Like

 

Featured Whitepapers

Featured Webinars