Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google News

Microsoft Caution Customers Against Databases Exposure

Yusuf Balogun
Yusuf Balogun
Yusuf is a law graduate and freelance journalist with a keen interest in tech reporting.

Join the Opinion Leaders Network

Join the Techgenyz Opinion Leaders Network today and become part of a vibrant community of change-makers. Together, we can create a brighter future by shaping opinions, driving conversations, and transforming ideas into reality.

According to a copy of the email and a cyber security researcher, Microsoft alerted thousands of its cloud computing customers, including some of the world’s largest organizations, that outsiders may read, edit, or even delete their main databases.

Microsoft Azure’s main Cosmos DB database is vulnerable. Wiz’s research team realized it was possible to gain access to keys that controlled access to databases owned by tens of thousands of companies. Ami Luttwak, Wiz’s Chief Technology Officer, was previously the CTO of Microsoft’s Cloud Security Group.

Because Microsoft is unable to alter those keys on its own, consumers were emailed on Thursday and told to create new ones. According to an email from Microsoft to Wiz, the company promised to pay him $40,000 for discovering and disclosing the problem.

“To keep our consumers safe and secure, we swiftly addressed the problem. We appreciate the security experts’ efforts in coordinating vulnerability disclosure “Reuters reported on Microsoft’s statement.

According to Microsoft’s notification to customers, there was no evidence that the weakness had been exploited. The email stated, “We have no indication that external entities other than the researcher (Wiz) had access to the primary read-write key.”

“This is the worst cloud flaw you can think of. It’s been kept a secret for a long time,” Luttwak told Reuters. “This is Azure’s core database, and we were able to connect to whatever client database we wanted.”

Luttwak’s team discovered the issue, codenamed ChaosDB, on August 9 and alerted Microsoft on August 12, according to Luttwak.

The weakness was found in Jupyter Notebook, a visualization tool available for years but only enabled by default in Cosmos in February. Wiz highlighted the problem in a blog post after Reuters reported on it. 

Even clients who have not been contacted by Microsoft may have had their keys swiped by attackers, giving them access until their keys are changed, according to Luttwak. When Wiz was working on the problem, Microsoft only informed customers whose keys were displayed this month.

“Customers who may have been impacted received a message from us,” Microsoft told Reuters without going further. 

Microsoft has been plagued by bad security news for months. The same alleged Russian government hackers who entered SolarWinds and stole Microsoft source code broke into the company. Then, while a patch was being created, a large number of hackers got into Exchange email servers.

A recently implemented repair for a printer fault that allowed for computer takeovers had to be redone several times. Last week, another Exchange problem triggered an urgent U.S. government warning that clients must apply patches given months ago because ransomware gangs are now exploiting the flaw.

Problems with Azure are particularly concerning because Microsoft and other security experts have been urging businesses to forgo much of their on-premises infrastructure in favor of the cloud.

Cloud attacks, on the other hand, are more unusual, but they can be more catastrophic when they do happen. Furthermore, some are never made public. 


Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Power Your Business

Solutions you need to super charge your business and drive growth

More from this topic