It fixed the vulnerable applications, updated customer guidance, and patched some AAD functionality to reduce customer exposure. MSRC’s blog can be found here. Those attacks could compromise users’ personal data, including Outlook emails and SharePoint documents.Īll issues were reported to the MSRC team. One of these apps is a content management system (CMS) that powers and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users. We found several high-impact, vulnerable Microsoft applications. Based on our scans, about 25% of multi-tenant applications turned out to be vulnerable. These misconfigurations are fairly popular, especially with Azure App Services and Azure Functions. Wiz Research discovered a new attack vector in Azure Active Directory that exposed misconfigured applications to unauthorized access.
0 Comments
Leave a Reply. |