Microsoft warns cloud customers of flaw that may have exposed databases: report

Reuters stated it obtained the e-mail Microsoft despatched to its cloud customers, which reportedly stated the vulnerability has been repaired and that there was no proof it had been exploited.

The vulnerability centered round safety keys that management entry to corporations’ databases; Microsoft reportedly instructed hundreds of its customers to create new keys, so that any keys that doubtlessly had been obtained by hackers would change into ineffective.

After the Reuters report was revealed, Wiz published a blog post detailing how they discovered the flaw.

“We have been in a position to acquire full unrestricted entry to the accounts and databases of a number of thousand Microsoft Azure customers, together with many Fortune 500 corporations,” Wiz safety researchers Nir Ohfeld and Sagi Tzadik wrote.

They praised Microsoft for its fast response, noting the flaw was mounted inside 48 hours of it being reported, however warned that not each Cosmos DB buyer may have been notified concerning the vulnerability.

 “We imagine many extra Cosmos DB customers may be in danger,” the Wiz researchers stated. “Every Cosmos DB account that makes use of the pocket book function or that was created after February 2021 is doubtlessly exposed. As a precaution, we urge each Cosmos DB buyer to take steps to guard their info.”

Microsoft, whose software program runs most of the world’s computer systems, is a frequent goal of cybercriminals. Late final 12 months, Microsoft stated it was breached as part of the massive SolarWinds hack, and stated hackers had viewed some of its source code. A hack of its Exchange email server software compromised tens of hundreds of computer systems earlier this 12 months.