Office 365

Office 365 Vulnerability Exposed Business Accounts, Fixed within Seven Hours

Microsoft’s Office 365 service is a cloud-based platform that is designed to help businesses of all sizes use the productivity software as well as manage their users. In a new report hitting the web today, a serious vulnerability was discovered that impacted every account that used cross domain authentication, but thankfully the exploit has been patched.

This vulnerability was jointly discovered by Klemen Bratec from Šola prihodnosti Maribor, and Ioannis Kakavas from Greek Research and Technology Network, and it was a flaw in the execution of SAML. The vulnerability allowed for cross-domain authentication bypass impacting all federated domains; an attacker, using this method, could gain unrestricted access to a victim’s Office 365 account, including access to their email, files stored in OneDrive etc.

If you are interested in how the vulnerability was discovered and how the flaw could be executed, I highly suggest you read the source here, as it has detailed documentation of the exploit.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

After the researchers detailed the issue to Microsoft, the vulnerability was closed within seven hours of receiving the report. Seeing as the proper channels were used to report the issue, Microsoft has acknowledged the researchers and their contributions to the service, here.

Office 365 is a core pillar of Microsoft’s software and considering this vulnerability was likely rated as critical, it’s not a surprise to see it patched so quickly. The productivity platform is a core pillar of Microsoft’s revenue and the company will do everything it can to make sure that its security meets the standards that the enterprise customers demand so that the service will not become a tarnished brand.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Brad Sams has more than a decade of writing and publishing experience under his belt including helping to establish new and seasoned publications From breaking news about upcoming Microsoft products to telling the story of how a billion dollar brand was birthed in his book, Beneath a Surface, Brad is a well-rounded journalist who has established himself as a trusted name in the industry.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: