Microsoft Fixes Major Security Flaw After "irresponsible" Jibe

[ad_1]

Microsoft has finally fixed a high-severity flaw that had been plaguing Azure users for five months after being called out on supposed lax security practices.

According to a report on BleepingComputer, Microsoft has released a patch on August 2, which fixes a flaw in the Power Platform Custom Connectors feature. The flaw allowed threat actors to access cross-tenant applications and Azure users sensitive data.

Cybersecurity researchers from Tenable were the first to discover the flaw in late March 2023, and the company’s CEO had heavily criticized Microsoft’s supposed inaction.

“Grossly irresponsible”

Cybersecurity researchers from Tenable were the first ones to discover the flaw in late March this year and claim it was a big one, as it allowed them to obtain secrets belonging to a bank (an unnamed one, but a Tenable customer, apparently). The researchers notified Microsoft immediately, which acknowledged the flaw and soon came up with a partial fix. After being warned that the released patch doesn’t fully address the problem, Microsoft gave a new deadline – September.

That would put the window of opportunity for hackers at roughly five months, which did not sit well with Tenable’s CEO, and that’s putting it mildly.

Amit Yoran went on to publish a LinkedIn blog post slamming Microsoft for its “negligence” when it comes to protecting its Azure users, describing the company’s activities as “grossly irresponsible”.

“Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service,” Yoran said.

In an offficial security advisory posted, Microsoft said the problem is now fully fixed: “This issue has been fully addressed for all customers and no customer remediation action is required,” Microsoft said on Friday. The company added that it notified all of its customers of the fix, through the Microsoft 365 Admin Center. Notifications started going out on August 4.

Via: BleepingComputer

[ad_2]
#Microsoft #fixes #major #security #flaw #irresponsible #jibe

Microsoft fixes major security flaw after “irresponsible” jibe

Leave a Comment Cancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

Who is Radhan Pandit Vettrivel? Vijay appoints his astrologer as Officer on Special Duty to CM in Tamil Nadu govt

NEET Paper Leak Controversy: How many times has NEET faced paper leak allegations? Check full timeline

No LPG, fuel shortage; Govt clarifies amid Global energy crisis, urges for conservation

Delhi HC issues notice on plea seeking free broadcast of FIFA World Cup 2026 in India

How under Palaniswami, AIADMK is writing the story of its own collapse | Analysis

West Bengal CM Suvendu Adhikari allocates key portfolios to five ministers – Check list

Manoj Agarwal, who led the Bengal Assembly elections and SIR named Chief Secretary

VD Satheesan refuses to compromise as Kerala`s CM puzzle deepens: Reports

Modi’s wartime call: Sacrifice today, secure India tomorrow

‘War in West Asia a major crisis of decade’: PM Modi urges for ‘Vocal for Local’ amid Global uncertainty

Welcome

Categorys

Site Links