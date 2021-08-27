 Skip to main content

Market Overview

Tickers

Articles

Keywords

Search by keyword...
googlecse

Security Expert Raised Concerns Over Microsoft's Cloud Database Vulnerability For Years
Anusuya Lahiri , Benzinga Staff Writer  
August 27, 2021 7:12am   Comments
Share:
Security Expert Raised Concerns Over Microsoft's Cloud Database Vulnerability For Years
  • Over 3,300 of Microsoft Corp's (NASDAQ: MSFT) customers were susceptible to a flaw in its Azure Cosmos DB database product, Bloomberg reports.
  • The mishap comes when Microsoft and outside security experts have been emphasizing their clients on cloud migration for better security, Reuters reports.
  • Tel Aviv-based Wiz.io's researchers stated that the glitch could have granted a malicious actor access keys to steal, edit, or delete sensitive data for about two years. Wiz discovered that it could access keys that control access to databases held by thousands of companies,
  • The flaw was in a visualization tool called Jupyter Notebook, which has been available for years and was triggered by default in Cosmos beginning in February.
  • Wiz detected the loophole on August 9 and notified Microsoft on August 12, CNBC reports.
  • Microsoft emailed the customers asking the network administrators to take four steps to protect their Cosmos databases, including new digital keys to access those systems. Microsoft agreed to pay Wiz $40,000 for their help.
  • Microsoft's email to customers said it had fixed the vulnerability with no evidence of exploitation of the flaw.
  • Wiz CTO Ami Luttwak is a former Microsoft Cloud Security Group CTO. He termed it as the worst cloud vulnerability one can imagine and a long-lasting secret. "This is the central database of Azure, and we were able to get access to any customer database that we wanted."
  • Price Action: MSFT shares traded higher by 0.34% at $300.12 in the premarket session on the last check Friday.

© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

 

Related Articles (MSFT)

Gaming Hardware Company Seeks Secondary Listing In US: CNBC
Do Investors Have To Choose Between Microsoft And Salesforce?
Why Netflix's Video Game Launch Is Critical For Streaming Platform: Matthew Ball
Microsoft Wins Blockchain Patent For Implementing Cross Chain Token Service
Microsoft Fuels Rivalry With Amazon As It Hires AWS Veteran Charlie Bell
Apple Commits To Shoring Up Supply Chain Security, Google, Amazon, Microsoft To Also Pour Money, Efforts Into Cybersecurity
View Comments and Join the Discussion!

Posted-In: BriefsNews Tech Media

Don't Miss Any Updates!
News Directly in Your Inbox
Subscribe to:
Benzinga Premarket Activity
Get pre-market outlook, mid-day update and after-market roundup emails in your inbox.
Market in 5 Minutes
Everything you need to know about the market - quick & easy.
Fintech Focus
A daily collection of all things fintech, interesting developments and market updates.
SPAC
Everything you need to know about the latest SPAC news.
Thank You

Thank you for subscribing! If you have any questions feel free to call us at 1-877-440-ZING or email us at vipaccounts@benzinga.com