GRC Viewpoint

Recent Microsoft Misconfiguration Made Unauthenticated Data Access Possible

A recent Microsoft misconfiguration made it possible to access critical business transaction data. On 24th September 2022, security researchers from SOCRadar informed Microsoft that an endpoint was misconfigured.

The direct consequence was access to crucial business information, including interactions between prospective customers and Microsoft. In addition, the exposed data included important information on the planning or implementation of Microsoft services.

The information vulnerable to compromise included email content, addresses, company names, and contact numbers. 

Attached files that give information on business between Microsoft and customers were also left vulnerable to attack.

Consumer environments, subscriptions and tenants were hardly impacted by this issue.

The incident took place due to an unintentional misconfiguration on a Microsoft endpoint. As a result, the endpoint was not being used across the entire Microsoft ecosystem. 

Microsoft informed us that the enterprise is working to ensure that similar misconfigurations won’t occur in the future. Additional efforts are being made to investigate any vulnerability and ensure all Microsoft endpoints are secure.

The affected customers were notified through the message center on 4th October 2022. 

“We have focused our attention on directly notifying impacted customers and provided them with instructions for contacting Microsoft with questions or concerns. If you did not receive a Message center communication, our investigation did not identify an impact to you or your organization,” Microsoft said.

“Customers should refer to their Message Center notification for more information as this is our secure method of communicating with Microsoft 365 customers about privacy and security events,” Microsoft added.
