A lot has been happening with Bing recently. AI integration and a stream of new features have steadily improved the search engine. But amid all the changes, a misconfiguration also surfaced in Azure AD that left users’ data in jeopardy. This misconfiguration made Bing and Microsoft 365 vulnerable to hackers.
First discovered by researchers at Wiz, the misconfiguration was detected in Azure Active Directory. If exploited, it would grant an attacker unauthorized access to the misconfigured applications. According to the report by Wiz, about 25% of multi-tenant applications were vulnerable to it. Wiz reported the issues to the MSRC team, which has now fixed the vulnerable application.
According to the report released by Microsoft Security Response Center on this misconfiguration, MSRC said, “some apps were incorrectly configured as multi-tenant applications and other multi-tenant applications did not correctly handle authorization checks and may have incorrectly authorized access to a resource in a tenant from a client that was not explicitly registered in that tenant.”
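One way an application can enforce the authorization check the MSRC statement describes, shown as an added example that is not code from Wiz, Microsoft or this article. It assumes the token's signature and expiry were already verified by a JWT library and that v2.0 tokens are in use; the tenant ID, application ID, object ID and function names are constructed for illustration.

```python
# Added example: tenant authorization for a multi-tenant Azure AD app.
# Assumption: `claims` is the payload of a token whose signature and expiry
# were already verified. All IDs below are constructed placeholders.

ALLOWED_TENANTS = {"11111111-1111-1111-1111-111111111111"}   # constructed tenant ID
EXPECTED_AUDIENCE = "22222222-2222-2222-2222-222222222222"   # constructed client ID
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tid}/v2.0"  # v2.0 issuer format


class AuthorizationError(Exception):
    """Raised when a verified token must still be rejected."""


def authorize_claims(claims, allowed_tenants=ALLOWED_TENANTS,
                     audience=EXPECTED_AUDIENCE):
    """Return the caller's object ID if the token's tenant may use this app."""
    tid = claims.get("tid")
    if not tid:
        raise AuthorizationError("token has no tid claim")
    # A valid signature only proves that some Azure AD tenant issued the token.
    # The application itself has to decide which tenants it accepts.
    if tid not in allowed_tenants:
        raise AuthorizationError(f"tenant {tid} is not allowed")
    # The issuer must belong to the same tenant the tid claim names.
    if claims.get("iss") != ISSUER_TEMPLATE.format(tid=tid):
        raise AuthorizationError("issuer does not match tid")
    # The token must have been issued for this application, not another one.
    if claims.get("aud") != audience:
        raise AuthorizationError("token was issued for a different application")
    oid = claims.get("oid")
    if not oid:
        raise AuthorizationError("token has no oid claim")
    return oid


def is_authorized(claims):
    """Boolean wrapper around authorize_claims for use in request handlers."""
    try:
        authorize_claims(claims)
        return True
    except AuthorizationError:
        return False


def sample_claims(tid):
    """Constructed claims for a token issued by tenant `tid`."""
    return {"tid": tid, "iss": ISSUER_TEMPLATE.format(tid=tid),
            "aud": EXPECTED_AUDIENCE, "oid": "33333333-3333-3333-3333-333333333333"}
```

Without the allow-list check, the second tenant in the test below would pass every other validation, which is the gap the MSRC quote describes.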
The vulnerability was reported by a Wiz researcher on 31st January 2023, and MSRC issued an initial fix that same day. Fixing all the problems took MSRC a long while, however, and the remaining bugs were fixed on 20th March 2023. The bug was publicly disclosed on 29th March 2023.
With the issue now fixed, there have been no official reports of this vulnerability being exploited by hackers or any malicious groups. Still, the incident once again raises the question of data safety.
Source: Wiz Blog