Detect vulnerabilities in Microsoft Azure cloud service

Microsoft has warned thousands of its Azure cloud customers, including many Fortune 500 companies, about a vulnerability that has exposed their data for the past two years. The vulnerability in Microsoft’s Azure Cosmos DB database has left more than 3,300 Azure clients open for unrestricted access by attackers.

The Wiz security team has discovered that the vulnerability could allow access to keys that control access to thousands of companies’ databases. Amy Lotwack, Wise Technology Director, is a former technology director at Microsoft Cloud Security Group. Because Microsoft itself could not change these keys, it emailed its customers asking them to create new keys. Microsoft agreed to pay Wise $ 40,000 to find the vulnerability and report it to Microsoft.

“We quickly fixed the vulnerability to keep our customers safe,” Microsoft told Reuters. We thank security researchers for their cooperation on the basis of coordinated vulnerability disclosure. Microsoft told its customers in an email that there was no evidence that the vulnerability was exploited. The company tracked the ChaosDB security breach on August 9, and Microsoft sent an email to its customers on August 12.