Source |
The Hacker News |
Identifiant |
8323965 |
Date de publication |
2023-04-01 14:03:00 (vue: 2023-04-01 09:06:51) |
Titre |
Microsoft corrige la nouvelle vulnérabilité Azure AD impactant la recherche Bing et les principales applications [Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps] |
Texte |
Microsoft a corrigé un problème de mauvaise configuration ayant un impact sur le service d'identité et de gestion d'accès Azure Active Directory (AAD) qui a exposé plusieurs applications "à fort impact" à un accès non autorisé.
"L'une de ces applications est un système de gestion de contenu (CMS) qui alimente Bing.com et nous a permis non seulement de modifier les résultats de la recherche, mais également de lancer des attaques XSS à fort impact contre les utilisateurs de Bing"
Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access.
"One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud security |
Notes |
★★
|
Envoyé |
Oui |
Condensat |
aad access active allowed also applications apps attacks azure bing but cloud cms com content directory exposed fixes has high identity impact impacting issue launch major management microsoft misconfiguration modify new not one only patched powers results search security service several system these unauthorized users vulnerability xss |
Tags |
Vulnerability
Cloud
|
Stories |
|
Move |
|