Microsoft Says Solorigate Let Attackers View, but not Modify, Source Code

The past few weeks have been filed with notifications from vendors who are telling their partners that they were either impacted by the uncovering of the Solar Winds exposure or stating that they managed to avoid the headlines and were not using the software. Microsoft is in the former camp and today the company is publishing an update on its internal investigation of Solorigate, as the company calls it.

Not long after the Solar Winds hack was revealed, Microsoft found itself in the spotlight as publications were stating that the company had an exposure because of its use of the software. Microsoft has acknowledged that they were, within a limited scope, compromised by the exposure but the public statements by the company state that their internal controls stopped a significant breach from occurring.

The company states that its investigation “found no evidence of access to production services or customer data” but that its forensic work is ongoing. Further, none of its systems were used as a means to attack other companies or infrastructure.

Despite the fact that there have not been any additional intrusions detected based on Microsoft being compromised, there are still a few alarm bells that could point to future attacks. The company states that “We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories.”

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

It’s worth pointing out that these actors did not have the ability to write or modify any of the source code but simply being able to view such code could aid in helping craft additional attacks against the software. Microsoft did not specifically list which source code has been viewed at this time.

Being able to view source code, according to Microsoft, is not a unique privilege as the company has adopted the use of open-source practices across its services. What this means is that source code is not kept locked in a vault next to the Coca-Cola formula but instead it can be viewed for a community-first approach to building apps and services.

While 2020 has come to an end, the fallout from this exposure across the entire IT industry is far from being fully understood. At this time, companies are quickly updating software to block additional unauthorized instructions but considering how long the door was left open, it will be months, if not years, to fully understand what data was accessed and exposed because of this breach.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: