Microsoft’s Quick Comeback After Warning Cloud Users of Exposed Databases


On 26th August 2021, Microsoft warned thousands of its cloud computing customers that intruders could have the ability to read, change or even delete their main databases. This message was sent out to some of the world’s largest companies that use Azure for their cloud requirements.

According to reports, the vulnerability was caught in Microsoft Azure’s flagship Cosmos DB database by a research team at the security company Wiz, led by a former chief technology officer at Microsoft’s Cloud Security Group, Mr. Ami Luttwak. He currently serves as the Chief Technology Officer at Wiz, the company that discovered that it was able to access keys that control access to databases held by thousands of companies.


With this information in hand, Microsoft immediately informed all its users of the problem. Since Microsoft cannot change the keys by itself, the purpose of emailing the users was for them to create new keys in order to keep their data secure. The company also made it public that there was no evidence that this flaw had been exploited. It did, however, pay Wiz $40,000 for finding the flaw and reporting it.

According to Luttwak, the flaw was found in a visualization tool called ‘Jupyter Notebook’, which has been available for many years but was enabled by default in Cosmos beginning in February. According to the blog post from Wiz, the flaw, if exploited, could have affected thousands of organisations, including numerous Fortune 500 companies.

Although Microsoft says that it has fixed the issue by informing customers whose keys were exposed, Luttwak said that even customers who have not been notified by Microsoft could have had their keys swiped by attackers, giving them access until those keys are changed.


The disclosure comes after months of bad security news for Microsoft. The company has already been in the hot seat over the hack of its Exchange email servers, disclosed in March and blamed on Chinese spies. It was also breached by the same suspected Russian government hackers that infiltrated SolarWinds, who stole Microsoft’s source code.

The cloud platform vulnerability disclosed last week apparently caused no harm, but it definitely raised concerns about the security of cloud services provided by the tech industry. Problems with Azure are especially troubling as Microsoft and outside security experts have been pushing companies to abandon most of their own infrastructure and rely on the cloud for more security.

It’s also true that although most cloud attacks are rare, they can be more devastating when they occur. Luttwak said, “A federally contracted research lab tracks all known security flaws in software and rates them by severity. But there is no equivalent system for holes in cloud architecture, so many critical vulnerabilities remain undisclosed to users.”

