Who hasn't managed to access sensitive data on the server yet?
Microsoft has fixed a vulnerability that allowed the company's internal files and credentials to be publicly available on the Internet.
The problem was discovered by a team of SOCRadar specialists who shared the information with TechCrunch. An open storage server located on the Microsoft Azure cloud platform contained important internal files related to the Bing search engine.
This server contained codes, scripts, and configuration files containing passwords, keys, and credentials that Microsoft employees used to access other internal databases and systems. However, the storage server could be accessed without a password, which made it accessible to any user.
SOCRadar noted that the detected data allows attackers to gain access to other storage locations of internal Microsoft files, which can lead to major data leaks and even compromise the services used.
Researchers reported the vulnerability to Microsoft on February 6, and by March 5, the problem was fixed by protecting the disclosed files. At the moment, it is not known how long the server was available on the Internet and whether someone other than SOCRadar discovered the detected data.
A Microsoft spokesperson did not comment. The company also did not say whether the detected internal credentials were changed or reset.
Microsoft has fixed a vulnerability that allowed the company's internal files and credentials to be publicly available on the Internet.
The problem was discovered by a team of SOCRadar specialists who shared the information with TechCrunch. An open storage server located on the Microsoft Azure cloud platform contained important internal files related to the Bing search engine.
This server contained codes, scripts, and configuration files containing passwords, keys, and credentials that Microsoft employees used to access other internal databases and systems. However, the storage server could be accessed without a password, which made it accessible to any user.
SOCRadar noted that the detected data allows attackers to gain access to other storage locations of internal Microsoft files, which can lead to major data leaks and even compromise the services used.
Researchers reported the vulnerability to Microsoft on February 6, and by March 5, the problem was fixed by protecting the disclosed files. At the moment, it is not known how long the server was available on the Internet and whether someone other than SOCRadar discovered the detected data.
A Microsoft spokesperson did not comment. The company also did not say whether the detected internal credentials were changed or reset.
