Security Expert Raised Concerns Over Microsoft's Cloud Database Vulnerability For Years

Security Expert Raised Concerns Over Microsoft's Cloud Database Vulnerability For Years
  • Over 3,300 of Microsoft Corp's MSFT customers were susceptible to a flaw in its Azure Cosmos DB database product, Bloomberg reports.
  • The mishap comes when Microsoft and outside security experts have been emphasizing their clients on cloud migration for better security, Reuters reports.
  • Tel Aviv-based Wiz.io's researchers stated that the glitch could have granted a malicious actor access keys to steal, edit, or delete sensitive data for about two years. Wiz discovered that it could access keys that control access to databases held by thousands of companies,
  • The flaw was in a visualization tool called Jupyter Notebook, which has been available for years and was triggered by default in Cosmos beginning in February.
  • Wiz detected the loophole on August 9 and notified Microsoft on August 12, CNBC reports.
  • Microsoft emailed the customers asking the network administrators to take four steps to protect their Cosmos databases, including new digital keys to access those systems. Microsoft agreed to pay Wiz $40,000 for their help.
  • Microsoft's email to customers said it had fixed the vulnerability with no evidence of exploitation of the flaw.
  • Wiz CTO Ami Luttwak is a former Microsoft Cloud Security Group CTO. He termed it as the worst cloud vulnerability one can imagine and a long-lasting secret. "This is the central database of Azure, and we were able to get access to any customer database that we wanted."
  • Price Action: MSFT shares traded higher by 0.34% at $300.12 in the premarket session on the last check Friday.

Posted In: BriefsNewsTechMedia