Microsoft Fixes Critical Security Vulnerability Exposing Employee Files and Passwords


Microsoft Fixes Critical Security Vulnerability Exposing Employee Files and Passwords

Researchers from the cybersecurity company SOCRadar discovered a vulnerability in a storage server hosted in Microsoft’s Azure cloud, which stored sensitive company information related to Bing, the search engine. The server was not protected with a password and contained codes, scripts, and configuration files with passwords, keys, and credentials used by Microsoft employees to access various databases and internal systems. This exposed data could have been exploited by malicious actors to access other company folders and potentially compromise services.

After notifying Microsoft of the vulnerability on February 6, the company took a month to address and fix the issue on March 5. It is unclear how long the server had been exposed or if anyone outside of SOCRadar had accessed the files. This incident follows a similar cybersecurity breach in which Microsoft exposed data on its commercial relationships due to a server misconfiguration.

The researchers at SOCRadar reported the issue to Microsoft, but it is not clear if any customer accounts were compromised. Microsoft has not provided further details on the incident, and it is essential for organizations to regularly assess and secure their cloud storage servers to prevent data breaches. Cybersecurity threats are continuously evolving, and companies must take proactive measures to protect their data and systems from malicious actors.

Leave a Reply