Microsoft Cloud Databases Vulnerable for Years, Researchers Say

2021-08-27

Kartikay Mehrotra

(Bloomberg) -- A vulnerability in Microsoft Inc.’s cloud database system left data at thousands of clients exposed to potential cyberattacks for about two years, according to the Israeli cybersecurity firm that discovered the bug.

More than 3,300 of the software giant’s customers were exposed to a flaw in its Azure Cosmos DB database product that could have granted a malicious actor access keys to steal, edit or delete sensitive data, according to researchers at the Tel Aviv-based Wiz.io. Wiz’s co-founder and Chief Technology Officer Ami Luttwak says his team of researchers discovered the vulnerability on Aug. 9 while managing security for some of its own Fortune 500 clients.

Reuters reported earlier that Microsoft had warned thousands of its Azure customers on Thursday about the security flaw. In an email to clients that was reviewed by Bloomberg News, the software firm asked network administrators to take four steps to protect their Cosmos databases, including generating new digital keys used to securely access those systems.

Microsoft says it has since fixed the vulnerability. “There is no evidence of this technique being exploited by malicious actors,” the company said in an emailed statement. “We are not aware of any customer data being accessed because of this vulnerability.”

The Wiz researchers found that the vulnerability had existed since mid-2019, when Microsoft added a new feature to Cosmos DB called Jupyter Notebooks. The add-on allows database managers to insert lines of code so they can visualize and interact with their data. The feature had to be toggled on by users until February 2021, when Microsoft activated Jupyter Notebooks by default.

“If I’m a customer using the cloud database, my biggest fear is someone accessing my data without me knowing,” said Wiz’s Luttwak. “And that’s what this vulnerability would have done, if not corrected.”

Cosmos DB counts companies including Exxon Mobil Corp., Coca-Cola Co. and Citrix Systems Inc. as clients, according to Microsoft’s website for the service. In a customer testimonial on the site, the Walgreens pharmacy chain says it processes more than 6 million prescriptions a day and the company uses Azure Cosmos DB to run “microservices that its prescription transactions rely on.”


©2021 Bloomberg L.P.
