The company said on Friday that there was no evidence the potential opening was exploited by malicious actors or that customer data was exposed.
Cybersecurity firm Wiz, run by former Microsoft employees, said it discovered what it called an “unprecedented critical vulnerability” in Microsoft’s Azure cloud platform and informed the tech giant. earlier in August. Microsoft paid the company a bounty for the discovery and said it fixed the issue immediately.
If exploited, the flaw could have affected “thousands of organizations, including many Fortune 500 companies,” according to a blog post from Israel and California-based Wiz. Microsoft said on Friday it was only affecting a subset of customers using the product.
Microsoft has already been in the hot seat because of the hack of its Exchange mail servers that was leaked in March and blamed on Chinese spies. Its code was also abused to dig into emails from US officials in a previous hack pinned on Russian intelligence agents and more commonly associated with software company SolarWinds.
The cloud platform vulnerability revealed this week, while apparently not causing any damage, has raised concerns about the security of cloud services provided by the tech industry, which businesses and governments increasingly rely on. in addition.
After a White House cybersecurity summit on Thursday, Microsoft pledged to invest $ 20 billion in cybersecurity over the next five years and to make $ 150 million in technical services available to help local governments to improve their defenses.
Earlier this year, federal lawmakers insisted that Microsoft quickly improve security to what they say it should have provided in the first place, and without defrauding taxpayers.