Founded by Bill Gates and Paul Allen in 1975, Microsoft It is one of the largest technology companies today. It's about a giant in the industry, which over the years has stood out for its Windows operating system, the Office productivity suite and other software products, cloud services and hardware. But he has also stood out for his history of cyber attacks. And the company now led by Satya Nadella has faced numerous security challenges throughout its history. A notable example was the attack of WannaCry in 2017, which took advantage of a vulnerability in Windows to infect more than 200 thousand computers in 150 countries. Or the most recent, which revealed passwords of all its workers.
Despite the huge annual investment of 1 billion dollars in security and data protection, Microsoft has not been able to eradicate its cybersecurity problems, and here we review the details of its latest setback.
A new cyber attack against Windows
A recent discovery revealed the vulnerability and unprotected problems of your Azure serverwhich unfortunately translate into the public exposure of passwords to databases and internal systems important to Microsoft.
According to reports, Microsoft received the alert about this security problem on February 6, and almost a month later, on March 5, he confirmed that he had resolved the situation. It was a security oversight that allowedl Free access to critical information from Microsoft's Bing search enginewas identified by SOCRadar researchers and reported via Techcrunch.
Thus, this server, accessible to any Internet user, contained a variety of code, scripts, and configuration files essential to Microsoft's internal workingst, including worker credentials with access to systems and important databases.
Likewise, in addition to exposing valuable internal data, this breach raised doubts about the Potential risk of potentially devastating data leaks. Although it is unknown how long this sensitive information was available, and whether people outside of Microsoft or SOCRadar accessed them, the company states that all measures have already been taken to correct the vulnerability and prevent these failures in the future.