Log in
E-mail
Password
Show password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON

MICROSOFT CORPORATION

(MSFT)
  Report
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Microsoft : Researchers, cybersecurity agency urge action by Microsoft cloud database users

08/29/2021 | 11:15pm EST
A Microsoft logo is pictured on a store in New York

(Reuters) - Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp's Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.

As first reported by Reuters https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26, researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.

In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.

"Our investigation shows no unauthorized access other than the researcher activity," Microsoft wrote. "Notifications have been sent to all customers that could be potentially affected due to researcher activity," it said, perhaps referring to the chance that the technique had leaked from Wiz.

"Though no customer data was accessed, it is recommended you regenerate your primary read-write keys," it said.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.

"CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key," the agency said https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance.

Experts at Wiz, founded by four veterans of Azure's in-house security team, agreed.

"In my estimation, it's really hard for them, if not impossible, to completely rule out that someone used this before," said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.

Microsoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.

"We expanded our search beyond the researcher's activities to look for all possible activity for current and similar events in the past," said spokesman Ross Richendrfer, declining to address other questions.

Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.

"It's terrifying. I really hope than no one besides us found this bug," said one of the lead researchers on the project at Wiz, Sagi Tzadik.

(Reporting by Joseph Menn in San Francisco; Editing by Richard Chang)

By Joseph Menn


ę Reuters 2021
All news about MICROSOFT CORPORATION
11/26WALL STREET WEEK AHEAD : COVID-19 fears reappear as a threat to market
RE
11/26Traders pile into defensive options plays as COVID-19 fears return
RE
11/26Britain on track for record Black Friday sales
RE
11/26INSIDER SELL : Microsoft
MT
11/26Climate activists target Amazon depots in Britain on 'Black Friday'
RE
11/26Shortages cast shadow over Britain's Black Friday
RE
11/25EU countries agree on common stance on new rules for U.S. tech giants
RE
11/25EU countries agree on common stance on new rules for U.S. tech giants
RE
11/24MICROSOFT : 11 new 3D cities now available in Microsoft Maps
PU
11/24WINDOWS 11 TIPS : Get help with holiday shopping thanks to features built into Microsoft E..
PU
More news
Analyst Recommendations on MICROSOFT CORPORATION
More recommendations
Financials (USD)
Sales 2022 196 B - -
Net income 2022 71 157 M - -
Net cash 2022 83 357 M - -
P/E ratio 2022 34,7x
Yield 2022 0,74%
Capitalization 2 475 B 2 475 B -
EV / Sales 2022 12,2x
EV / Sales 2023 10,6x
Nbr of Employees 181 000
Free-Float 99,9%
Chart MICROSOFT CORPORATION
Duration : Period :
Microsoft Corporation Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends MICROSOFT CORPORATION
Short TermMid-TermLong Term
TrendsBullishBullishBullish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus BUY
Number of Analysts 41
Last Close Price 329,68 $
Average target price 364,81 $
Spread / Average Target 10,7%
EPS Revisions
Managers and Directors
Satya Nadella Chairman & Chief Executive Officer
Bradford L. Smith President & Chief Legal Officer
Amy E. Hood Chief Financial Officer & Executive Vice President
James Kevin Scott Chief Technology Officer & Executive VP
Matthias Troyer Distinguished Scientist
Sector and Competitors
1st jan.Capi. (M$)
MICROSOFT CORPORATION48.22%2 475 231
SEA LIMITED49.12%164 624
ATLASSIAN CORPORATION PLC67.42%98 962
DASSAULT SYSTÈMES SE59.16%78 695
ROBLOX CORPORATION0.00%70 994
ZOOM VIDEO COMMUNICATIONS, INC.-34.72%65 621