Huge Microsoft exploit allowed users to manipulate Bing search results and access Outlook email accounts
by Jess Weatherbed from The Verge - All Posts on (#6AB3V)
Microsoft has since patched the BingBang" exploit and made changes to reduce similar vulnerabilities from occurring. | Illustration: Beatrice Sala A dangerous vulnerability was detected in Microsoft's Bing search engine earlier this year that allowed users to alter search results and access other Bing users' private information from the likes of Teams, Outlook, and Office 365. Back in January, security researchers at Wiz discovered a misconfiguration in Azure - Microsoft's cloud computing platform - that compromised Bing, allowing any Azure user to access applications without authorization.
The vulnerability was detected in the Azure Active Directory (AAD) identity and access management service. Applications using the platform's multi-tenant permissions are accessible by any Azure user, requiring developers to validate which users can access their apps. This responsibility isn't...