When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Well, it all started with a simple click in @Azure… Wiz discovered an attack vector in Azure Active Directory that if exploited would grant unauthorized access to misconfigured applications.
Roughly 25% of multi-tenant applications were vulnerable, according to Wiz.
The research firm highlighted that misconfigurations are common.
Several applications were at risk due to the vulnerability.
Wiz was able to modify Bing search results and launch high-impact XSS attacks on users of Bing.
OneDrive files, Outlook calendars, and Teams messages were also at risk of being exposed.
It could have been a nation-state trying to influence public opinion or a financially motivated hacker.
Wiz alerted Microsoft of the Bing vulnerability and the tech giant fixed it quickly.
The research firm made Microsoft aware of other vulnerable applications on February 25, 2023.
On March 20, 2023, Microsoft confirmed to Wiz that all of the related issues had been fixed.
In a way, the timing of the exploit being reported and fixed was a blessing for Microsoft.
The vulnerability was reported on January 31, 2023 and fixed two days later on February 2, 2023.
Microsoft announced the new Bing on February 7, 2023.
Bing Chathelped the use of Microsoft’s search engine toover 100 million daily active users.
