REDMOND, Washington — Microsoft says it has fixed a flaw in its cloud computing platform that cybersecurity researchers warned could have enabled hackers to take over a cloud-based database product used by many big companies.
The company said on Friday that there’s no evidence the potential opening was exploited by malicious actors or that any customer data was exposed.
The cybersecurity firm Wiz, led by former Microsoft employees, said it discovered what it called an “unprecedented critical vulnerability” in Microsoft’s Azure cloud platform and notified the tech giant earlier in August. Microsoft paid the firm a bounty for the discovery and said it immediately fixed the problem.
If exploited, the flaw could have affected “thousands of organizations, including numerous Fortune 500 companies,” according to a blog post from Wiz, which is based in Israel and California and is led by an Israeli team. Microsoft said on Friday that the flaw affected only a subset of customers using the product.
Microsoft has already been in the hot seat over the hack of its Exchange email servers, disclosed in March and blamed on Chinese spies. Its code was also abused to rifle through the emails of United States officials in an earlier hack, pinned on Russian intelligence agents and more commonly associated with the software company SolarWinds.
The cloud platform vulnerability disclosed this week, while apparently causing no harm, raised concerns about the security of cloud services provided by the tech industry, which businesses and governments increasingly rely on.
After a White House cybersecurity summit on Thursday, Microsoft pledged it would invest $20 billion in cybersecurity over the next five years and make available $150 million in technical services to help local governments upgrade their defenses.
Federal lawmakers earlier in the year insisted that Microsoft swiftly upgrade security to what they say it should have provided in the first place, and without fleecing taxpayers.