Total Downloads

2,592,119

Total Files

9,206

Latest Update

10

Microsoft Fixes Vulnerability That Compromised Bing and Office 365

Posted March 30, 2023 | AI | Artificial Intelligence | Bing + MSN | Cloud | Microsoft Azure | Security | Windows


Microsoft admitted today that it patched a serious security misconfiguration in its Azure cloud service that compromised Bing and Office 365 after it was alerted by security researchers at Wiz. The problem was fixed two months ago, on February 2, and just five days before Microsoft surprised the world with its AI-based Bing chatbot.

“Wiz Research found a common misconfiguration in Azure Active Directory that compromised multiple Microsoft applications, including a Bing management portal,” a Wiz blog post explains. ” We found several high-impact, vulnerable Microsoft applications. One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact [cross-site scripting] attacks on Bing users. Those attacks could compromise users’ personal data, including Outlook emails and SharePoint documents.”

“We appreciate the collaboration with Wiz, which helped us mitigate a potential risk and further harden our services and thank them for working with us to protect the ecosystem,” a Microsoft statement notes. Wiz responsibly disclosed its findings to Microsoft before going public, allowing it to fix the issues.

Separately, the software giant said that the misconfiguration impacted only “a small number” of its internal applications and that it ” immediately corrected the misconfiguration.” Microsoft also added additional authorization checks to address the issue, confirmed that no unintended access had occurred, and confirmed that all the actions outlined by the Wiz researchers are no longer possible because of these fixes. Additionally, Microsoft made other unidentified changes to reduce the risk of future misconfigurations.

Wiz confirmed that Microsoft’s fixes were effective and said that there was no evidence that hackers had ever exploited the misconfiguration. But it could have been left open and exploitable for years.



Source link

')
ankara escort çankaya escort çankaya escort escort bayan çankaya istanbul rus escort eryaman escort ankara escort kızılay escort istanbul escort ankara escort ankara escort escort ankara istanbul rus Escort atasehir Escort beylikduzu Escort Ankara Escort malatya Escort kuşadası Escort gaziantep Escort izmir Escort