An Interest In:
Web News this Week
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
- April 19, 2024
- April 18, 2024
March 30, 2023 01:09 pm
Original Link: https://www.theverge.com/2023/3/30/23661426/microsoft-azure-bing-office365-security-exploit-search-results
Huge Microsoft exploit allowed users to manipulate Bing search results and access Outlook email accounts
A dangerous vulnerability was detected in Microsoft’s Bing search engine earlier this year that allowed users to alter search results and access other Bing users’ private information from the likes of Teams, Outlook, and Office 365. Back in January, security researchers at Wiz discovered a misconfiguration in Azure — Microsoft’s cloud computing platform — that compromised Bing, allowing any Azure user to access applications without authorization.
The vulnerability was detected in the Azure Active Directory (AAD) identity and access management service. Applications using the platform’s multi-tenant permissions are accessible by any Azure user, requiring developers to validate which users can access their apps. This responsibility isn’t...
Original Link: https://www.theverge.com/2023/3/30/23661426/microsoft-azure-bing-office365-security-exploit-search-results
Share this article:
Tweet
View Full Article
The Verge
The Verge is an ambitious multimedia effort founded in 2011More About this Source Visit The Verge