Microsoft app misconfiguration allows Bing search result hijacking and data snooping.

TL;DR Summary
A misconfigured Microsoft app allowed anyone to modify Bing search results and use them to deliver cross-site scripting (XSS) attacks, potentially breaching Office 365 user accounts. The issue was discovered by Wiz Research and reported to Microsoft, which confirmed it was fixed on March 28, 2023. The same misconfiguration affects approximately 25% of multi-tenant apps, including some belonging to Microsoft. Microsoft has introduced security enhancements to prevent Azure AD misconfiguration issues from becoming a problem again and recommends that developers and admins consult its updated guidance on securing multi-tenant applications.
- Bing search results hijacked via misconfigured Microsoft app (BleepingComputer)
- Microsoft exploit could control Bing search results and Office 365 data (The Verge)
- Microsoft Patched Bing Vulnerability That Allowed Snooping on Email and Other Data (The Wall Street Journal)
- Vulnerability Enabled Bing.com Takeover, Search Result Manipulation (HackRead)
- Researcher breaks in to Bing, Office 365 via AAD misconfiguration, now fixed (OnMSFT.com)