A series of vulnerabilities in Microsoft Azure’s Cosmos DB exposed the accounts and databases of thousands of the company’s corporate customers to “complete [and] unrestricted access,” researchers at security company Wiz reported Thursday, two weeks after notifying the company of the problem.
Microsoft warned customers of the problem in an email on Thursday, suggesting that they create a new database access key, and said that it found no evidence that the vulnerability had been exploited, according to Reuters. In a statement, the company praised the researchers for following responsible disclosure practices.
This is the latest in a series of recent security issues in Microsoft technology, including the high-profile Exchange Server hack earlier this year and another that prompted the U.S. government to issue a warning last week. These problems show that remedying software vulnerabilities is still one of the keys to improving network security.
Microsoft CEO Satya Nadella is one of the technology executives attending the White House Cyber Security Summit with President Joe Biden this week, promising to quadruple the company’s cybersecurity spending in the next five years.
Wiz security researchers Nir Ohfeld and Sagi Tzadik, who call this defect “ChaosDB,” commended Microsoft for taking prompt action to shut down vulnerable features within 48 hours of receiving the notification, but warned that “customers may still be affected because their primary access keys may be exposed.”
“In recent years, as more and more companies migrate to the cloud, database exposure has become extremely common, and the culprit is usually a misconfiguration in the customer’s environment. In this case, the customer is not at fault,” they wrote. “In contrast, a series of flaws in the functionality of Cosmos DB created a loophole that allows any user to download, delete, or operate a large number of commercial databases, as well as read/write access to the underlying architecture of Cosmos DB.”
Microsoft said in a statement to Reuters that it “resolved this issue immediately to ensure the safety and protection of our customers.”