标签档案: platform

Microsoft fixes cloud platform vulnerability after warning

Microsoft fixes cloud platform vulnerability after warning
Microsoft says it’s fixed a flaw in its cloud computing platform that cybersecurity researchers warned could have enabled hackers to take over a database used by many big companies

微软 says it has fixed a flaw in its cloud computing platform that cybersecurity researchers warned could have enabled hackers to take over a cloud-based database product used by many big companies.

The company said Friday there’s no evidence the potential opening was exploited by malicious actors or that any customer data was exposed.

The cybersecurity firm Wiz, led by former Microsoft employees, said it discovered what it called an “unprecedented critical vulnerabilityin Microsoft’s Azure cloud platform and notified the tech giant earlier in August. Microsoft paid the firm a bounty for the discovery and said it immediately fixed the problem.

If exploited, the flaw could have affected “thousands of organizations, including numerous Fortune 500 companies,” according to a blog post from Wiz, which is based in Israel and 加利福尼亚州 Microsoft said Friday it affected only a subset of customers using the product.

Microsoft has already been in the hot seat over the hack of its Exchange email servers disclosed in March and blamed on 中国人 spies. Its code was also abused to rifle through the emails of U.S. officials in an earlier hack pinned on Russian intelligence agents and more commonly associated with the software company SolarWinds.

The cloud platform vulnerability disclosed this week, while apparently causing no harm, raised concerns about the security of cloud services provided by the tech industry, which businesses and governments increasingly rely on.

After a 白色的房子 cybersecurity summit Thursday, Microsoft pledged it would invest $20 billion in cybersecurity over the next five years and make available $150 million in technical services to help local governments upgrade their defenses.

Federal lawmakers earlier in the year insisted that Microsoft swiftly upgrade security to what they say it should have provided in the first place, and without fleecing taxpayers.