BR100 Decreased By (-0.15%)
BR30 Decreased By (-0.74%)
KSE100 Decreased By (-0.41%)
KSE30 Decreased By (-0.67%)
BECO 5.80 Decreased By ▼ -0.23 (-3.81%)
BML 58.03 Increased By ▲ 5.28 (10.01%)
BOP 33.85 Decreased By ▼ -0.40 (-1.17%)
CNERGY 8.15 Decreased By ▼ -0.01 (-0.12%)
DCL 11.77 Decreased By ▼ -0.57 (-4.62%)
FCCL 53.35 Decreased By ▼ -0.54 (-1%)
FCSC 5.40 Increased By ▲ 0.18 (3.45%)
FFL 17.89 Decreased By ▼ -0.14 (-0.78%)
FNEL 1.31 Increased By ▲ 0.01 (0.77%)
HUMNL 11.06 Increased By ▲ 0.06 (0.55%)
KEL 8.05 Decreased By ▼ -0.06 (-0.74%)
KOSM 5.45 Increased By ▲ 0.07 (1.3%)
MLCF 87.19 Decreased By ▼ -0.86 (-0.98%)
NBP 184.60 Decreased By ▼ -1.88 (-1.01%)
PACE 11.62 Increased By ▲ 0.90 (8.4%)
PAEL 40.31 Increased By ▲ 0.37 (0.93%)
PIAHCLA 26.10 Decreased By ▼ -0.07 (-0.27%)
PIBTL 17.09 Decreased By ▼ -0.23 (-1.33%)
PPL 228.40 Decreased By ▼ -4.38 (-1.88%)
PRL 34.59 Decreased By ▼ -0.36 (-1.03%)
PTC 67.35 Decreased By ▼ -0.21 (-0.31%)
SEARL 91.00 Increased By ▲ 0.07 (0.08%)
SSGC 26.90 Decreased By ▼ -0.27 (-0.99%)
TELE 8.53 Decreased By ▼ -0.04 (-0.47%)
THCCL 66.14 Increased By ▲ 6.01 (10%)
TPLP 9.29 Increased By ▲ 0.53 (6.05%)
TREET 24.59 Increased By ▲ 0.05 (0.2%)
TRG 71.69 Decreased By ▼ -0.06 (-0.08%)
WAVES 10.98 Increased By ▲ 1.00 (10.02%)
WTL 1.28 Increased By ▲ 0.02 (1.59%)
اردو
Android App
Print Edition Dollar to PKR
Budget 2026-27 Iran-US war Petrol Prices Gold Rates Podcasts PSX Notices
Technology Print edition: 2021-08-28

Microsoft warns thousands of cloud customers of exposed databases

Published August 28, 2021 Updated August 28, 2021 03:54am
Save
2 min
comment
By Reuters
Add BRecorder as a trusted
source on Google
Google Preferred Source

SAN FRANCISCO: Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.

The vulnerability is in Microsoft Azure’s flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft’s Cloud Security Group.

Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz.

“We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” Microsoft told Reuters.

Microsoft’s email to customers said there was no evidence the flaw had been exploited. “We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,” the email said.

“This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak told Reuters. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

Luttwak’s team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft Aug. 12, Luttwak said.

Microsoft

Comments

Comments are closed for this article.

More Stories

Browse all stories