Friday, January 21, 2022

Microsoft Azure – Cloud Vulnerability Shocks Industry Experts

Thousands of Microsoft Azure cloud computing clients, including several Fortune 500 organizations, have been notified of a vulnerability that has left their data totally exposed for the past two years.

A vulnerability in Microsoft’s Azure Cosmos DB database system gave attackers unfettered access to the data of more than 3,300 Azure customers. The vulnerability was introduced in 2019, when Microsoft added a data visualization feature called Jupyter Notebook to Cosmos DB. In February 2021, the feature was turned on by default for all Cosmos DBs.

Companies like Coca-Cola, Liberty Mutual Insurance, ExxonMobil, and Walgreens, to mention a few, are among the Azure Cosmos DB clients.

“This is the worst cloud vulnerability you can imagine,” said Ami Luttwak, CEO of Wiz, the security firm that found the flaw. “This is Azure’s core database, and we were able to connect to whatever client database we wanted.”

Despite the severity and danger, Microsoft has found no indication that the vulnerability has resulted in unauthorized data access. In an emailed response to Bloomberg, Microsoft said, “There is no indication of this approach being abused by bad actors.” “As a result of this vulnerability, we are not aware of any client data being accessed.” According to Reuters, Microsoft paid Wiz $40,000 for the finding.

In a lengthy blog post, Wiz claims that the vulnerability exposed by Jupyter Notebook allowed the company’s researchers to obtain the primary keys that safeguarded Microsoft clients’ Cosmos DB databases. Using these keys, Wiz had complete read, write, and delete access to the data of tens of thousands of Microsoft Azure users.

According to Wiz, the vulnerability was found two weeks ago, and Microsoft disabled it within 48 hours of Wiz disclosing it. Microsoft, however, is unable to change its customers’ primary access keys itself, which is why it contacted Cosmos DB users and asked them to manually update their keys in order to reduce risk.

Today’s problem is Microsoft’s latest security nightmare. In December, SolarWinds hackers stole part of the company’s source code; in March, its Exchange email servers were compromised and implicated in ransomware attacks; and in April, a printer weakness allowed attackers to take over machines with system-level access. However, with the world’s data increasingly migrating to centralized cloud services like Azure, Microsoft’s latest discovery might be the most concerning yet.

