Bing & Office 365: Errors in Azure allow data theft
Microsoft has fallen victim to its own Azure Active Directory – AAD configuration challenges. Due to the misconfiguration, experts managed to add malicious code to some Bing search results, which exposed Microsoft 365 users. Wiz Research experts found the configuration errors and exploited them for testing. Microsoft rewarded the experts with a BugBounty and fixed the bugs immediately. What happened? The experts describe the incident: Manipulated Bing search results including malicious code “These applications allowed us to view and change various types of sensitive Microsoft data. In one particular case, we were unable to find search results on…