Through

Sciences et Avenir with Reuters

08/27/2021 at 7:01 a.m., updated August 27, 2021 at 10:48 a.m.

2 min read

“We immediately corrected this problem to ensure the safety and protection of our customers,” Microsoft told Reuters.

Microsoft sent an email on August 26, 2021 warning its thousands of customers using its cloud computing services that intruders could be able to read, modify or even delete some of their databases.

Microsoft sent an email on August 26, 2021 warning its thousands of customers using its cloud computing services that intruders could be able to read, modify or even delete some of their databases, according to Microsoft. a copy of the document and a cybersecurity researcher.

The vulnerability concerns Microsoft Azure’s flagship database, Cosmos DB. A research team from security firm Wiz found it was able to access the keys that control access to databases owned by thousands of companies. Wiz CTO Ami Luttwak is a former CTO of Microsoft’s Cloud Security Group. Microsoft couldn’t change these keys on its own, so the company sent an email to customers asking them to create new ones.

Microsoft has agreed to pay Wiz $ 40,000 for discovering and reporting the flaw, according to an email sent to Wiz. “We immediately corrected this problem to ensure the safety and protection of our customers,” Microsoft told Reuters. In the e-mail sent to its customers, Microsoft indicates that it has corrected the vulnerability and that there is no evidence that the flaw has been exploited. “We have no indication that entities external to the researchers (Wiz) had access to the read-write key,” he said in the copy of the email seen by Reuters.

Microsoft
Cloud

Your address is used to send the newsletters that interest you. In accordance with the Data Protection Act of January 6, 1978, updated by the law of August 6, 2004, you have the right to access, rectify and oppose data concerning you by writing to the address subscriptions @ sciencesetavenir.fr

Your address is used to send the newsletters that interest you. In accordance with the Data Protection Act of January 6, 1978, updated by the law of August 6, 2004, you have the right to access, rectify and oppose data concerning you by writing to the address subscriptions @ sciencesetavenir.fr

Ref: https://www.sciencesetavenir.fr