Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Office 365 Vulnerability Exposed Business Accounts, Fixed within Seven Hours

Microsoft’s Office 365 service is a cloud-based platform that is designed to help businesses of all sizes use the productivity software as well as manage their users. In a new report hitting the web today, a serious vulnerability was discovered that impacted every account that used cross domain authentication, but thankfully the exploit has been patched.

This vulnerability was jointly discovered by Klemen Bratec from Šola prihodnosti Maribor, and Ioannis Kakavas from Greek Research and Technology Network, and it was a flaw in the execution of SAML. The vulnerability allowed for cross-domain authentication bypass impacting all federated domains; an attacker, using this method, could gain unrestricted access to a victim’s Office 365 account, including access to their email, files stored in OneDrive etc.

If you are interested in how the vulnerability was discovered and how the flaw could be executed, I highly suggest you read the source here, as it has detailed documentation of the exploit.

After the researchers detailed the issue to Microsoft, the vulnerability was closed within seven hours of receiving the report. Seeing as the proper channels were used to report the issue, Microsoft has acknowledged the researchers and their contributions to the service, here.

Office 365 is a core pillar of Microsoft’s software and considering this vulnerability was likely rated as critical, it’s not a surprise to see it patched so quickly. The productivity platform is a core pillar of Microsoft’s revenue and the company will do everything it can to make sure that its security meets the standards that the enterprise customers demand so that the service will not become a tarnished brand.

by Brad Sams
Apr 28, 2016

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand ...

Microsoft and AI: What Is the Copilot Semantic Index and How Does It Work?

Feb 6, 2024
Mar 21, 2024
How to Grant Full Mailbox Access to Users in Office 365 and Exchange Server

Aug 4, 2023
Aug 08, 2023
Nested Microsoft 365 Groups: What You Need to Know

Jul 12, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.