Office 365 Vulnerability Exposed Business Accounts, Fixed within Seven Hours
Microsoft’s Office 365 service is a cloud-based platform designed to help businesses of all sizes use the productivity software and manage their users. A report published today describes a serious vulnerability that impacted every account that used cross-domain authentication; thankfully, the vulnerability has been patched.
The vulnerability was jointly discovered by Klemen Bratec from Šola prihodnosti Maribor and Ioannis Kakavas from Greek Research and Technology Network, and it was a flaw in the implementation of SAML. It allowed a cross-domain authentication bypass impacting all federated domains: an attacker using this method could gain unrestricted access to a victim’s Office 365 account, including their email, files stored in OneDrive, and so on.
If you are interested in how the vulnerability was discovered and how the flaw could be exploited, I highly suggest you read the source here, as it has detailed documentation of the exploit.
After the researchers detailed the issue to Microsoft, the company closed the vulnerability within seven hours of receiving the report. Because the proper channels were used to report the issue, Microsoft has acknowledged the researchers and their contributions to the service, here.
Office 365 is a core pillar of Microsoft’s software, and considering this vulnerability was likely rated as critical, it’s not a surprise to see it patched so quickly. The productivity platform is also a core pillar of Microsoft’s revenue, and the company will do everything it can to make sure that its security meets the standards that enterprise customers demand, so that the service does not become a tarnished brand.