Microsoft exploit allowed users to manipulate Bing search results

All the issues were fixed by March 20th


Tech Desk March 31, 2023

An issue was discovered in January with Microsoft's cloud computing platform, Azure, by researchers at Wiz.

Due to a misconfiguration in Azure, Bing was compromised, and as a result, any user could access applications without authorisation.

The issue was detected in Azure Active Directory (AAD) identity and access management system.

Due to this vulnerability, researchers who logged into Azure accounts could change or control the search results of Bing. This opportunity was likely used to launch misinformation or carry out scam campaigns.

Since anyone could access other Microsoft platforms, likely, millions of data and Microsoft passwords were also compromised.

Microsoft fixed the problem on February 2nd. Issues that were reported later were all resolved by March 20th

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ