Microsoft fixes major security flaw after "irresponsible" jibe


Microsoft has finally fixed a high-severity flaw that had been plaguing Azure users for five months after being called out on supposed lax security practices.

According to a report on BleepingComputer, Microsoft released a patch on August 2 that fixes a flaw in the Power Platform Custom Connectors feature. The flaw allowed threat actors to access cross-tenant applications and Azure users' sensitive data.

Cybersecurity researchers from Tenable were the first to discover the flaw in late March 2023, and the company's CEO had heavily criticized Microsoft's supposed inaction.

"Grossly irresponsible"

Cybersecurity researchers from Tenable were the first to discover the flaw in late March this year and claim it was a big one, as it allowed them to obtain secrets belonging to a bank (an unnamed one, but a Tenable customer, apparently). The researchers immediately notified Microsoft, which acknowledged the flaw and soon came up with a partial fix. After being warned that the released patch didn't fully address the problem, Microsoft gave a new deadline: September.

That would put the window of opportunity for hackers at roughly five months, which did not sit well with Tenable’s CEO, and that’s putting it mildly.

Amit Yoran went on to publish a LinkedIn blog post slamming Microsoft for its “negligence” when it comes to protecting its Azure users, describing the company's activities as "grossly irresponsible". 

"Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service," Yoran said.

In an official security advisory posted on Friday, Microsoft said the problem is now fully fixed: "This issue has been fully addressed for all customers and no customer remediation action is required." The company added that it notified all of its customers of the fix through the Microsoft 365 Admin Center. Notifications started going out on August 4.

Via: BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
