Microsoft's Azure cloud platform users are now being urged by cybersecurity experts to change their digital access keys. It comes even if they are not part of the 3,300 who are affected by the massive vulnerability.
The logo of French headquarters of American multinational technology company Microsoft, is pictured outside on March 6, 2018 in Issy-Les-Moulineaux, a Paris' suburb.
Last Aug. 27, security experts warned that over 3,000 users of the Microsoft Azure Cosmos DB are exposed to the risk of a security breach after a massive vulnerability was discovered.
The Azure vulnerability allows anyone to have admin privileges remotely.
As per UrgentComm, the security vulnerability exposed prominent companies, such as Rolls-Royce, Coca-Cola, Siemens, Mercedes Benz, Symantec, and Citrix, among others.
After discovering it, Wiz notified Microsoft about the cloud security flaw three days after. Within 24 hours, Microsoft went on to shut down the Jupyter Notebook feature, an interactive cloud app for data science, the head of research in Wiz said.
Microsoft Azure Customers Urged by Cybersecurity Experts
Since then, Microsoft has already fixed the issue and urged the 3,300 affected users to change their keys.
The tech giant wrote that "though no customer data was accessed, it is recommended you regenerate your primary read-write keys."
However, according to Reuters, cybersecurity experts are still encouraging all Microsoft Azure users to change their digital access keys even if they are not identified as part of the breach.
BERLIN, GERMANY - JANUARY 25: In this photo illustration a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021 in Berlin, Germany. 2020 saw a sharp rise in global cybercrime that was in part driven by the jump in online retailing that ensued during national lockdowns as governments sought to rein in the coronavirus pandemic.
The security experts from Wiz who discovered the massive security flaw also issued a much broader warning to the users of Microsoft Azure. It is to note that the founder of Wiz used to be part of the in-house security team of Azure.
One of the experts that work on unraveling the significant vulnerability, Wiz Chief Technology Officer Ami Luttwak, noted that it is difficult to simply rule out that no one had used the security flaw before.
It is contrary to the claims of Microsoft that no data was breached by the flaw as it was hiding in plain sight before being discovered by Wiz.
Among the lead researchers of the security study, Sagi Tzadik, further said that hopefully what Microsoft is saying is true because "it's terrifying."
Microsoft Azure Customers and US Homeland Security
Meanwhile, the United States Department of Homeland Security, through its Cybersecurity and Infrastructure Security Agency, also strongly warned the users of Microsoft's Azure cloud platform during its bulletin last Friday, Aug 27.
To be precise, the agency said that "CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key,"
Elsewhere, Microsoft released the Windows 11 preview to Azure Virtual Desktop.
Related Article: Microsoft Exchange Servers Hacked by New Ransomware Gang via ProxyShells Vulnerabilities-How to Avoid
This article is owned by Tech Times
Written by Teejay Boris
