A major security exploit that let researchers change Bing search results was revealed this week.
The vulnerability was discovered in January by cybersecurity research company Wiz and reported to the Microsoft Security Response Center (MSRC).
In a Twitter thread, Wiz researcher Hillai Ben-Sasson explained how he was able to hack into Bing's content management system (CMS). By logging into Microsoft's cloud computing platform Azure, he discovered that he could grant all users access to internal Microsoft apps. He then accessed a database of Bing's search results. From there, Ben-Sasson figured out that he could actually modify what showed up in the results.
Wiz researchers also discovered that Bing was vulnerable to a Cross-Site Scripting (XSS) attack and found they had access to sensitive Office 365 data, including Outlook emails, Calendar information, and Teams messages. MSRC detailed security updates and shared recommendations for Azure AD admins and developers in its blog post.
The purpose of the researchers' experiment was to show that it was possible and share its findings with Microsoft. But it shows how malicious hackers could have wreaked havoc for Bing.
"A malicious actor with the same access could’ve hijacked the most popular search results with the same payload and leak sensitive data from millions of users," said the Wiz blog post. Luckily it was caught before any major damage was done.
Microsoft confirmed that it has been fixed as of March 29. Wiz received a $40,000 "bug bounty" for reporting the vulnerability, which it plans to donate to an unspecified recipient.