This week Microsoft notified thousands of customers, including major businesses, of a threat in one of its cloud computing systems. The vulnerability would allow intruders to read, change, or even delete clients’ databases. A security team at Wiz identified the vulnerability.
According to a Reuters report, a research team at security firm Wiz was able to obtain keys that granted access control to the databases of thousands of businesses. Wiz Chief Technology Officer, Ami Luttwak, is a former CTO at Microsoft’s Cloud Security Group.
The vulnerability was in Microsoft’s cloud computing Azure Cosmos database. The company declared that it fixed the vulnerability. It also claims there’s no evidence that anyone exploited it. Luckily, Wiz caught it in time. Microsoft agreed to pay $40,000 for its efforts.
In any event, Microsoft advised users to change their access keys. Luttwak said that “This is the worst cloud vulnerability you could imagine.”, going on to point out it affected the central Azure database.
Microsoft has had a bad run recently. One example is the recent event of repeatedly attempting to patch a printer spool flaw that left computers vulnerable to takeover. The company also experienced a breach by the same hackers responsible for the SolarWinds hack.
As cloud infrastructure and tech, in general, grow in importance and size, providers have to be more active than ever in eliminating threats. Just so, users could use network monitoring to constantly check for threats and vulnerabilities.
According to Luttwak, the threat, now called ChaosDB, was identified on August 9. Wiz brought it to Microsoft’s attention on August 12 after careful assessment.