1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft fixes major security flaw after "irresponsible" jibe

    From TechnologyDaily@1337:1/100 to All on Mon Aug 7 15:45:03 2023
    Microsoft fixes major security flaw after "irresponsible" jibe

    Date:
    Mon, 07 Aug 2023 15:26:46 +0000

    Description:
    A little nudge goes a long way as Microsoft addresses a serious Azure vulnerability.

    FULL STORY ======================================================================

    Microsoft has finally fixed a high-severity flaw that had been plaguing Azure users for five months after being called out on supposed lax security practices.

    According to a report on BleepingComputer, Microsoft has released a patch on August 2, which fixes a flaw in the Power Platform Custom Connectors feature. The flaw allowed threat actors to access cross-tenant applications and Azure users sensitive data.

    Cybersecurity researchers from Tenable were the first to discover the flaw in late March 2023, and the company's CEO had heavily criticized Microsoft's supposed inaction . "Grossly irresponsible"

    Cybersecurity researchers from Tenable were the first ones to discover the flaw in late March this year and claim it was a big one, as it allowed them
    to obtain secrets belonging to a bank (an unnamed one, but a Tenable
    customer, apparently). The researchers notified Microsoft immediately, which acknowledged the flaw and soon came up with a partial fix. After being warned that the released patch doesnt fully address the problem, Microsoft gave a
    new deadline - September.

    That would put the window of opportunity for hackers at roughly five months, which did not sit well with Tenables CEO, and thats putting it mildly. Read more

    These are the best malware removal tools


    These were the most exploited security vulnerabilities of 2022 - is your
    business protected?


    Microsoft is making some cloud security tools free following recent major
    hacks

    Amit Yoran went on to publish a LinkedIn blog post slamming Microsoft for its negligence when it comes to protecting its Azure users, describing the company's activities as "grossly irresponsible".

    "Did Microsoft quickly fix the issue that could effectively lead to the
    breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial fix and only for new applications loaded in the service," Yoran said.

    In an offficial security advisory posted, Microsoft said the problem is now fully fixed: "This issue has been fully addressed for all customers and no customer remediation action is required," Microsoft said on Friday. The company added that it notified all of its customers of the fix, through the Microsoft 365 Admin Center. Notifications started going out on August 4.
    Check out the best endpoint protection and best firewalls for a handy cybersecurity boost

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/microsoft-fixes-major-security-flaw-after-irresp onsible-jibe


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)