Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, modify or even delete their main databases, according to a copy of the email and a cybersecurity researcher.
The vulnerability is in Microsoft Azure’s flagship Cosmos database. A research team from security firm Wiz found it was able to access the keys that control access to databases owned by thousands of companies. Wiz CTO Ami Luttwak is a former CTO of Microsoft’s Cloud Security Group.
Since Microsoft can’t change these keys on its own, it emailed customers on Thursday asking them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding and reporting the flaw, according to an email it sent to Wiz.
Microsoft spokespersons did not immediately comment.
Microsoft’s email to customers said it fixed the vulnerability and there was no evidence that the flaw was exploited. “We have no indication that any external entities other than the researcher (Wiz) had access to the master read-write key,” according to a copy of the email seen by Reuters.
“It’s the worst cloud vulnerability you can imagine. It’s a long-standing secret,” Luttwak told Reuters. “This is Azure’s central database, and we were able to access any customer database we wanted.”
Luttwak’s team discovered the issue, dubbed ChaosDB, on August 9 and notified Microsoft on August 12, Luttwak said.
The disclosure comes after months of bad security news for Microsoft. The company was breached by the same suspected Russian government hackers who infiltrated SolarWinds, who stole Microsoft’s source code.
A recent fix for a printer flaw that allowed computer takeovers had to be redone several times. And an Exchange email flaw last week prompted an urgent warning from the US government that customers must install patches released months ago because ransomware gangs are now exploiting it.