 |
| Microsoft warns thousands of cloud customers about vulnerabilities |
Microsoft has warned thousands of cloud computing customers, including some of the world's largest cloud computing customers, about the vulnerabilities their data has exposed over the past two years.
The vulnerability is located in the Cosmos Central Database in Microsoft Azure and affects more than 3,300 customers.
A research team at security firm Wiz has found that it can access the keys that control access to the databases of thousands of companies.
Since the company can't change these keys themselves, I email clients to generate new keys.
The software giant agreed to pay Wiz $40,000 to find and report the bug. She thanked the security researchers for coordinating the disclosure of the vulnerabilities.
The company's email to the customer stated that the vulnerability was immediately patched to keep the customer safe and secure, and there is no evidence of the vulnerability being exploited.
He added: "We have no indication that external entities other than Wiz Finder have access to key read and write keys.
“This is the worst cloud vulnerability you can imagine,” Wiese said. This is the central Azure database and we can access any customer database we want.
Wiz said they discovered the problem called ChaosDB on August 9 and reported it to Microsoft on August 12.
Microsoft warns thousands of cloud customers about vulnerabilities
The vulnerability is in a tool called Jupyter Notebook, which has been around for many years. But as of February, it's on by default in Cosmos.
The revelation came after months of bad security news from Microsoft. The company was attacked by the same suspected Russian government hacker who hacked SolarWinds. Who stole the source code from the software giant?
The company needs to fix a print service bug in its operating system that allows for frequent takeover of privileged computers at the system level.
An Exchange email error caused the US government to urgently warn customers of the need to install patches released a few months ago that are now being used by ransomware gangs.
The Azure issue is annoying because the company has pushed the company to abandon most of its infrastructure and rely on the cloud to improve security. While cloud attacks are rare, once they occur they can be even more devastating. Also, some of them have not been announced.