What you need to know
- A vulnerability in Azure Cosmos DB meant that attackers could illegitimately obtain admin rights to access user data.
- Microsoft and CISA have offered guidance on how to proceed.
Toward the end of August, an Azure vulnerability was exposed, one that may have existed for months, if not years. Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have addressed the issue (via Reuters).
In a Microsoft Security Response Center blog post, the company not only outlined the situation but also gave advice on how to stay safe going forward:
Microsoft claimed no data had been compromised as a result of the aforementioned vulnerability but still sent out notifications to potentially affected parties. The company also paid out $40,000 to the group that discovered the vulnerability.
If you want to know how much that's worth on the scale Microsoft uses to pay out vulnerability catchers, check out how much the company has paid out to bug hunters since July 2020. You'll notice that number, $40,000, is a lot smaller than the most one might get for discovering a vulnerability with Windows 11, though even the maximum figure for Windows 11 may not be as big as you expect.
Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to email@example.com.