 |
| Microsoft exposes a vulnerability in the customer support database |
Microsoft discovered a vulnerability in the last month of 2019, and Tadwina's OSC Security Response Center said it had not properly deployed an internal customer support database that stores anonymous user analysis that still does not have the appropriate protection word at 12. Adopted from 5 May to December 31.
Bob Dyachenko, Security Discovery researcher, discovered the database and sent it to Microsoft. According to security researchers, the general customer support database includes five Elasticsearch servers, a technology that simplifies search.
The five servers store the same data, reflect each other, and can be expanded to 14 years of customer support records. Years. "
These servers contain around 250 million entries containing information such as email addresses, IP addresses, and support information. The software provider states that most records do not contain the user's personal information. ,
The company added: "The data stored in the support case study database is modified using automated tools to erase personal information as part of Microsoft's standard business instructions."
The company announced that although malicious data usage was not identified, affected customers were notified and that an incorrectly configured Azure Security Rule was set on December 5, which has now been resolved.
Microsoft is currently reviewing network security rules for internal resources, expanding security-based configuration error detection mechanisms, adding additional warning messages to the team when configuring security policy errors and implementing additional review automation.