Microsoft has recently addressed a vulnerability in one of its storage servers hosted on the Azure cloud. This server stored company information related to Bing, the search engine, and could have been accessed by malicious actors if not properly secured. Researchers from SOCRadar, Can Yoleri, Murat Özfidan, and Egemen Koçhisarli discovered the flaw and notified Microsoft.
The server was publicly accessible and not password-protected, which made it vulnerable to cyber attacks. The researchers found that the server contained codes, scripts, and configuration files with passwords, keys, and credentials used by Microsoft employees for accessing databases and internal systems.
If cybercriminals had gained access to these files, they could have potentially used them to access other company folders and cause more significant data leaks or service compromises. However, it is unclear how long the server was exposed or if anyone other than SOCRadar accessed the files stored on it. Microsoft fixed the issue on March 5 after being notified of it on February 6th.
This incident is just one of many cybersecurity incidents that Microsoft has experienced in the past. In another incident, data related to its commercial relationships with potential clients was exposed due to server misconfiguration. The SOCRadar researchers also reported this issue.
Organizations need to continually monitor their systems for vulnerabilities and take prompt action when any security concerns arise to prevent unauthorized access to sensitive data.
