Microsoft fixes cloud platform vulnerability after warning
Microsoft says it’s fixed a flaw in its cloud computing platform that cybersecurity researchers warned could have enabled hackers to take over a database used by many big companies
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Microsoft says it has fixed a flaw in its cloud computing platform that cybersecurity researchers warned could have enabled hackers to take over a cloud-based database product used by many big companies.
The company said Friday there's no evidence the potential opening was exploited by malicious actors or that any customer data was exposed.
The cybersecurity firm Wiz, led by former Microsoft employees, said it discovered what it called an “unprecedented critical vulnerability" in Microsoft's Azure cloud platform and notified the tech giant earlier in August. Microsoft paid the firm a bounty for the discovery and said it immediately fixed the problem.
If exploited, the flaw could have affected “thousands of organizations, including numerous Fortune 500 companies," according to a blog post from Wiz, which is based in Israel and California Microsoft said Friday it affected only a subset of customers using the product.
Microsoft has already been in the hot seat over the hack of its Exchange email servers disclosed in March and blamed on Chinese spies. Its code was also abused to rifle through the emails of U.S. officials in an earlier hack pinned on Russian intelligence agents and more commonly associated with the software company SolarWinds.
The cloud platform vulnerability disclosed this week, while apparently causing no harm, raised concerns about the security of cloud services provided by the tech industry, which businesses and governments increasingly rely on.
After a White House cybersecurity summit Thursday, Microsoft pledged it would invest $20 billion in cybersecurity over the next five years and make available $150 million in technical services to help local governments upgrade their defenses.
Federal lawmakers earlier in the year insisted that Microsoft swiftly upgrade security to what they say it should have provided in the first place, and without fleecing taxpayers.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.