Microsoft is warning thousands of its cloud computing clients that hackers could read, alter or delete their databases because of a vulnerability, according to an Aug. 26 CNBC report.
Seven things to know:
- The vulnerability is on Microsoft Azure's Cosmos database. A security team at Wiz uncovered that a hacker could access keys that control access to the databases used by thousands of companies.
- Microsoft cannot change the keys itself and emailed its clients Aug. 26, telling them to create new keys. Microsoft paid Wiz $40,000 for finding the flaw and reporting it, according to an email Wiz shared with CNBC.
- Microsoft told its clients in an email that the vulnerability has been fixed, and there is no evidence indicating the flaw was exploited.
- Ami Luttwak is the chief technology officer at Wiz and the former chief technology officer at Microsoft's Cloud Security Group.
- "This is the worst cloud vulnerability you can imagine. It is a long-lasting secret," Mr. Luttwak said. "This is the central database of Azure, and we were able to get access to any customer database that we wanted."
- Wiz uncovered the flaws Aug. 9 and notified Microsoft on Aug. 12.
- Microsoft has been connected to several cybersecurity flaws in the last few months. More than a thousand web apps that use Microsoft's Power Apps portal service exposed 38 million records. A Windows print service flaw allowed remote users to execute code on clients' computer systems. Microsoft told its customers to refrain from printing until the vulnerability was fixed.