REDMOND, Wash.–Microsoft has issued a new warning to its cloud computing customers that hackers might have the ability to read, change or delete their main databases.
The latest hack has left channels for remote access spread across credit unions, city governments, and small businesses, according to the U.S. investigation, reported Track.In.
The vulnerability has been detected in Microsoft Azure’s flagship Cosmos DB database. As reported earlier, a research team at the security company Wiz discovered that they were able to access the keys that control the access to databases held by thousands of companies.
Microsoft’s warning notes intruders have been able to modify their databases, as confirmed by a copy of the email and a cyber security researcher. As Microsoft cannot change these keys by itself, an email has been sent to the customers and told them to create new ones, Track.In. added.
Microsoft is reportedly paying Wiz $40,000 for finding the flaw and reporting it.
The report notes Microsoft has emailed its customers stating that the vulnerability has been fixed and that there was no evidence that the flaw had been exploited. As per the email, “We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key.”
Flaw in Visualization Tool
According to the report, the flaw was detected in a visualization tool called Jupyter Notebook, and has been available for years. This flaw was enabled by default in Cosmos starting in February. Customers who haven’t been notified by Microsoft can have their keys exchanged by attackers, meaning intruders will have access until those keys are changed.