Microsoft claims it has fixed a vulnerability in its cloud computing platform that cybersecurity experts warned could have allowed hackers to overthrow a cloud-based product used by large companies.
Friday’s statement by the company stated that there is no evidence that malicious actors exploited the potential opening or that customer data was compromised.
Wiz, a cybersecurity company founded by ex-Microsoft employees, claimed it found an “unprecedented critical weakness” in Microsoft’s Azure cloud platform. It notified Microsoft earlier this August. Microsoft offered a bounty to Wiz for its discovery, and it said that the problem was immediately fixed.
If exploited, the flaw could have affected “thousands of organizations, including numerous Fortune 500 companies,” according to a blog post from Wiz, which is based in Israel and California. Microsoft said Friday it affected only a subset of customers using the product.
Microsoft has already been in the hot seat over the hack of its Exchange email servers disclosed in March and blamed on Chinese spies. Its code was also used to scan the emails of U.S. officials. This hack was attributed to Russian intelligence agents, and is more often associated with software company SolarWinds.
While the cloud platform vulnerability revealed this week did not cause any harm, it raised concerns about the security and reliability of cloud services offered by the tech industry that businesses and governments increasingly depend on.
After a White House cybersecurity summit Thursday, Microsoft pledged it would invest $20 billion in cybersecurity over the next five years and make available $150 million in technical services to help local governments upgrade their defenses.
Federal lawmakers demanded that Microsoft immediately upgrade its security to the level it claimed in the beginning of the year, without extorting taxpayers.