A security breach has compromised Microsoft’s cloud. Some of the largest companies in the world are said to be affected by the problem.
This is a problem Microsoft would have liked to have done without. The firm was forced to warn thousands of customers of its cloud services of a major security problem: intruders would have had the possibility by exploiting a flaw to access, modify or delete their databases. These customers include some of the biggest companies in the world. The stakes are therefore of the highest level.
Keys left on the door
It was a security research team from the company Wiz that discovered this flaw and informed about it. Microsoft as quickly as possible. It concerns Cosmos DB, a flagship of Microsoft Azure when it comes to database management. Without further details, the team managed to find a way to access Microsoft customer database access keys. According to Ami Luttwak, representative of Wiz, it is quite simply ” the worst cloud vulnerability imaginable “. He adds ” this is the central Azure database and we could access any customer database we wanted “.
The worst cloud vulnerability imaginable.
Such a key gives full access to the database, in the same way as its legitimate owner, and makes it possible to modify or delete it entirely, or to read its content. The problem is therefore of the highest level since we could read the confidential data of particularly powerful companies.
For the discovery of this flaw, the company Wiz announces that it has received 40,000 dollars from Microsoft.
The flaw corrected, the solution in the hands of customers
Microsoft teams claim to have corrected the security flaw called ChaosDB, which allowed access to these keys. Problem: the firm itself cannot modify the compromised keys and therefore contacted on Thursday the customers they believe to be potentially victims of the problem to ask them to modify the key. According to Wiz, however, Microsoft would only have contacted the companies affected by the month in which the Wiz team discovered the vulnerability, which already existed before.
Microsoft is experiencing a lot of setbacks at the moment concerning the security of its products. It was thus discovered that plugging in a simple Razer mouse was enough to take control of a PC, and Windows suffered the full brunt of the PrintNightmare flaw in recent months.