Error in Microsoft-database, the company warned thousands of cloud customers
Microsoft warns customers again. But this time, not the users of the company’s Windows operating system, but thousands of cloud computing customers have been warned. In fact, an error or vulnerability has been found in Microsoft Azure’s flagship Cosmos DB database, which hackers can use to read, modify, or even delete the main database. A research team from security firm Wiz has discovered that they have been able to access a few keys that control access to databases held by thousands of companies. Let me tell you, Ami Luttwak, Wiz’s Chief Technology Officer, is a former Chief Technology Officer at Microsoft’s Cloud Security Group.
Since Microsoft itself cannot change these keys, they emailed customers on Thursday to ask them to create new keys. According to an email from Microsoft to Wiz, the company has agreed to pay Wiz 40,000 to find the error and report it to Microsoft.
Microsoft has told Reuters that customers who may be affected by the error have received notifications from the company. And now the company has solved this problem immediately to keep the customers safe and secure. The company also expressed its sincere gratitude to the security researchers for finding the flaw. In addition, Microsoft has confirmed to users that the attackers have not yet been able to commit any misdeeds through this error.
Lutwalk told Reuters about the error, saying it was a deadly cloud vulnerability, and research had shown that it could be used to access any user’s database. The Lootwalk team found the bug on August 9 and notified Microsoft on August 12. The bug has been around for years in a visualization tool called Jupyter Notebook, but suddenly became enabled by default on Cosmos in February. After Reuters reported this error, Wiz described the matter in detail in a blog post.
According to Lootwalk, Azure’s flaws are particularly problematic, as Microsoft and outside security experts are pushing the company to get out of their own systems and rely on the cloud for more security. But since cloud attacks are rare, they can be devastating, and such incidents are not always public.