Cloud Security
Misconfiguration issue in Azure Active Directory gets patched
Microsoft has released a patch to address a misconfiguration issue in Azure Active Directory that could allow unauthorized access to crucial applications, The Hacker News reports.
The root of the vulnerability lies in a so-called Shared Responsibility confusion in which an Azure app can be configured improperly such that users can access it from any Microsoft tenant without authorization.
Researchers at cloud security firm Wiz said that several Microsoft apps including the Bing Trivia app also exhibit this behavior, which in Bings case poses the critical risk of being used to launch a cross-site scripting attack to steal Outlook emails, OneDrive files,Teams messages, and SharePoint documents.
A malicious actor with the same access could've hijacked the most popular search results with the same payload and leak sensitive data from millions of users, according to Wiz researcher Hillai Ben-Sasson.
Microsoft awarded Wiz a $40,000 bug bounty after being informed of the vulnerability.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds