A series of flaws in Microsoft Azure’s Cosmos DB exposed the accounts and databases of thousands of the company’s corporate customers to “complete [and] unrestricted access,” researchers with security firm Wiz reported on Thursday, two weeks after notifying the company of the problem.

According to Reuters, Microsoft sent an email to customers Thursday warning them about the issue and advising them to create new access keys to their databases. It also stated it could not find any evidence to suggest the flaw was exploited.

This is the latest security issue in Microsoft technology. It follows a string of other recent Microsoft issues, such as a highly publicized hack on Exchange Server earlier in the year and another which prompted an alert from U.S. officials last week. These problems demonstrate that fixing software vulnerabilities remains key to improving cybersecurity.

Microsoft CEO Satya Nadella was among the tech executives who participated in a White House cybersecurity summit with President Joe Biden this week, promising that the company would quadruple its spending on cybersecurity over the next five years.

Wiz security researchers Nir Ohfeld and Sagi Tzadik, who dubbed the flaw “ChaosDB,” credited Microsoft for taking quick action to turn off the vulnerable feature within 48 hours of notification but cautioned that “customers may still be impacted since their primary access keys were potentially exposed.”

“Database breaches have been alarmingly frequent in recent years, as more businesses move to the cloud. The culprit is often a misconfiguration of the customer’s environment. Customers were not responsible in this instance,” they said. A series of bugs in a Cosmos DB feature created a loophole that allowed users to manipulate large commercial databases as well as to read from and write to Cosmos DB’s underlying architecture.

Microsoft said in a statement that the issue was resolved immediately for customers’ safety and protection.

Published at Fri 27 August 2021, 17:49:24 (+0000).