Microsoft fixes cloud vulnerability after warning from Israel-based company

Wiz, led by former Microsoft employees, notified the tech giant of an ‘unprecedented critical vulnerability’ in its Azure cloud platform

By AP and ToI Staff 28 August 2021, 2:31 pm Edit
This file photo from April 12, 2016, shows the Microsoft logo in Issy-les-Moulineaux, outside Paris, France. (AP Photo/Michel Euler, File)
This file photo from April 12, 2016, shows the Microsoft logo in Issy-les-Moulineaux, outside Paris, France. (AP Photo/Michel Euler, File)

REDMOND, Washington — Microsoft says it has fixed a flaw in its cloud computing platform that cybersecurity researchers warned could have enabled hackers to take over a cloud-based database product used by many big companies.

The company said on Friday that there’s no evidence the potential opening was exploited by malicious actors or that any customer data was exposed.

The cybersecurity firm Wiz, led by former Microsoft employees, said it discovered what it called an “unprecedented critical vulnerability” in Microsoft’s Azure cloud platform and notified the tech giant earlier in August. Microsoft paid the firm a bounty for the discovery and said it immediately fixed the problem.

If exploited, the flaw could have affected “thousands of organizations, including numerous Fortune 500 companies,” according to a blog post from Wiz, which is based in Israel and California and is led by an Israeli team. Microsoft said on Friday that the flaw affected only a subset of customers using the product.

Microsoft has already been in the hot seat over the hack of its Exchange email servers, disclosed in March and blamed on Chinese spies. Its code was also abused to rifle through the emails of United States officials in an earlier hack, pinned on Russian intelligence agents and more commonly associated with the software company SolarWinds.

The cloud platform vulnerability disclosed this week, while apparently causing no harm, raised concerns about the security of cloud services provided by the tech industry, which businesses and governments increasingly rely on.

After a White House cybersecurity summit on Thursday, Microsoft pledged it would invest $20 billion in cybersecurity over the next five years and make available $150 million in technical services to help local governments upgrade their defenses.

Federal lawmakers earlier in the year insisted that Microsoft swiftly upgrade security to what they say it should have provided in the first place, and without fleecing taxpayers.

Most Popular
read more:
If you’d like to comment, join
The Times of Israel Community.
JOIN THE TOI COMMUNITY
Join The Times of Israel Community
Commenting is available for paying members of The Times of Israel Community only. Please join our Community to comment and enjoy other Community benefits.
Please use the following structure: example@domain.com
Confirm Mail
Thank you! Now check your email
You are now a member of The Times of Israel Community! We sent you an email with a login link to . Once you're set up, you can start enjoying Community benefits and commenting.