Microsoft on Thursday cautioned a huge number of its cloud computing clients, including a portion of the world’s biggest companies, that intruders might read, change or even delete their primary databases, as indicated by a duplicate of the email and a cyber security researcher.
The weakness is in Microsoft Azure’s lead Cosmos DB database. A security team at security organization Wiz found it had the option to access keys that control access to databases held by a great many companies. Wiz Chief Technology Officer Ami Luttwak is a previous CTO at Microsoft’s Cloud Security Group.
Read More: Tiktok Enters Into Augmented Reality Market
Luttwak’s team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft on Aug. 12
“We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,” according to a copy of the email seen by Reuters.”We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” Microsoft added.
Since Microsoft can’t change those keys without help from anyone else, it messaged the clients Thursday advising them to make new ones. Microsoft consented to pay Wiz $40,000 for discovering the blemish and announcing it, as per an email it shipped off Wiz.
For more updates, be with Markedium.
Leave a comment