On Thursday, Microsoft issued a warning to thousands of its cloud computing customers, including some reputable companies.
The large tech company revealed that its database had been found vulnerable to an attack that could allow an intruder to read, change or even delete their main data, according to the cybersecurity researchers.
According to information given to Reuters, the vulnerability is in Microsoft Azure's flagship Cosmos DB database.
A research team at the security company Wiz discovered that an intruder would be able to access keys that control access to databases held by numerous companies or individuals.
In addition, Ami Luttwak, a former Chief Technology Officer at Microsoft's cloud security group, asserts that Microsoft cannot change those keys by itself; hence, the company emailed the customers telling them to create new ones.
As compensation, Microsoft has agreed to pay Wiz $40,000 for discovering the flaw and reporting it.
A statement from the company, as reported by Reuters, reads: “We fixed this issue immediately to keep our customers safe and protected.
We thank the security researchers for working under coordinated vulnerability disclosure.”
The email Microsoft sent to its customers addressed the issue and said there was no proof that the flaw had been exploited, so they have nothing to worry about, but it urged each customer to change their keys.
In the email, the company said: “We have no indication that external body outside the researcher had access to primary read-write key.”
The research team leader, Luttwak, told Reuters how dangerous the flaw could be and how easily they were able to penetrate. “This is the worst cloud vulnerability you can imagine. It is a long-lasting secret.
This is the central database of Azure, and we were able to get access to any customer database that we wanted.”
According to Reuters, Luttwak’s team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft on Aug. 12, Luttwak said.
The flaw was traced to a visualization tool called Jupyter Notebook, which has been available for years but was enabled by default in Cosmos beginning in February.
According to Luttwak, even customers who have not been notified by Microsoft could have had their keys swiped by attackers, giving them access to their databases until the keys are changed.
Microsoft told Reuters that “customers who may have been impacted received a notification from us,” without elaborating.
This revelation comes after weeks of damaging security news at Microsoft, where the company was breached by suspected government hackers that infiltrated SolarWinds and stole Microsoft source code, which gave way for a wide number of hackers to break into the company's email server.
This led to the company’s development of a patch to strengthen its security.
As reported by Reuters.com, a recent fix for a printer flaw that allowed computer takeovers had to be redone repeatedly.
Another Exchange flaw last week led to an urgent warning from the US government that all customers need to install patches issued months ago because ransomware gangs are now exploiting it.