You can now find Cyber Kendra on Google News | Telegram

Misconfiguration Allows Access to Microsoft Support Database

Microsoft Customer Support Database exposed online
On last week of 2019, Microsoft found a change made to the database’s network security group leads to misconfigured security rules that enabled exposure of an internal customer support database used for Microsoft support case analytics.

Although Microsoft ensure that the exposed data didn't contain any personal identifiable information and neither it was used for malicious purpose.

Microsoft got the notification of misconfiguration on December 5, 2019 and upon notification of the issue, engineers remediated the configuration on December 31, 2019 to restrict the database and prevent unauthorized access. 

Microsoft says- 
We are committed to the privacy and security of our customers and are taking action to prevent future occurrences of this issue. These actions include:
  • Auditing the established network security rules for internal resources. 
  • Expanding the scope of the mechanisms that detect security rule misconfigurations.  
  • Adding additional alerting to service teams when security rule misconfigurations are detected. 
  • Implementing additional redaction automation.  
Microsoft apologize for the issue cause, and reassure to take this matter seriously on priority basis, and also use best security measures to prevent such kind of issues in future.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.