MY BRAND BOOK Microsoft fixes flaw after Tenable CEO calls it ‘grossly irresponsible’

Microsoft fixes flaw after Tenable CEO calls it ‘grossly irresponsible’

By MYBRANDBOOK

After being called "grossly irresponsible" by Tenable’s CEO, Microsoft has fixed a security flaw in the Power Platform Custom Connectors feature that let unauthenticated attackers access cross-tenant applications and Azure customers' sensitive data.

The root cause of the issue stemmed from inadequate access control measures for Azure Function hosts launched by connectors within the Power Platform. These connectors use custom C# code integrated into a Microsoft-managed Azure Function featuring an HTTP trigger.

The API endpoints facilitated requests to the Azure Function without enforcing authentication, although customer interaction with custom connectors usually happens via authenticated APIs. This created an opportunity for attackers to exploit unsecured Azure Function hosts and intercept OAuth client IDs and secrets.

"It should be noted that this is not exclusively an issue of information disclosure, as being able to access and interact with the unsecured Function hosts, and trigger behavior defined by custom connector code, could have further impact," says Tenable.

Tenable discovered the flaw and reported it on March 30th.

"However, because of the nature of the service, the impact would vary for each individual connector, and would be difficult to quantify without exhaustive testing,” it further added.

"To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank. They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft," Tenable CEO Amit Yoran explained.

Tenable also shared proof of concept exploit code and information on the steps required to find vulnerable connector hostnames and how to craft the POST requests to interact with the unsecured API endpoints.

Microsoft resolved the issue for all customers on August 2nd after an initial fix deployed by Redmond on June 7th was tagged by Tenable as incomplete.

"This issue has been fully addressed for all customers and no customer remediation action is required," Microsoft said.

BREAKING NEWS

Elon Musk Merges X with xAI in $33 Billion Stock Deal...

Elon Musk has made waves once again by merging X (formerly Twitter) with...

India Strengthens Electronics Supply Chain with ₹22,919 Cr Manu...

The scheme aims to attract an investment of INR 59,350 Cr, resulting in pro...

Govt Drops Import Duty making EV Batteries cheaper...

The Centre is taking measures to counter the impact of US President Donald ...

CERT-In’s New Advisory Unveils Hidden Cyber Threats...

The advisory highlights critical vulnerabilities in AI models, outlines mul...

TECHNO TRENDS

Legal Battle Over IT Act Intensifies Amid Musk’s India Plans

The outcome of the legal dispute between X Corp and the Indian government c...

Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth

The agreement, executed through Wipro and its 100% subsidiary,...

Centre announces that DPDP Rules nearing Finalisation by April

The government seeks to refine the rules for robust data protection, ensuri...

Home Ministry cracks down on PoS agents in digital arrest scam

Digital arrest scams are a growing cybercrime where victims are coerced or ...

E-Magazine

TECHNOTAINMENT

For 2nd Time, Kaspersky announced Mumbai Indians’ Official C

Hrithik Roshan to endorse RuPay as Brand Ambassador

RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha

India Today Group launches – AI Pop Stars

Staying true to our industry leadership position in using cutting-edge tech

MOVERS & SHAKERS

Cloudflare Promotes Goran Risticevic as VP & MD for APAC

TelioLabs ropes in Phaniraj V A as the Group CEO

TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE

Wipro Appoints Amit Kumar as Managing Partner and Global Head

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s

OPEN YOUR EYES

India to be the top destination for companies moving out of China

Growing cyberattacks is a raising concern ,it’s time to evaluate cloud-first strategy

Let us see, How the Pandemic has affected the Indian IT Business?

The rising risk of insider threats in the remote workforce

Changing Dynamics Of Cybersecurity In The Age of Coronavirus

INTERVIEWS

Cisco building a trusted and resilient future for the nation

In India, 88% of Indian business leaders are planning to inves

As we move through 2024, it has become increasingly clear that AI is not ju

Delivering Critical Business Communication Solutions to Enterp

Arya Omnitalk and Syntel’s comprehensive suite of solutions and more than

HOT PICK

ASUS ExpertCenter P500 Mini Tower Desktop PC's launched in Ind

MSI Announces the availability of RTX 50 series of laptops in

MSI, the innovative computing manufacturer in gaming, creator

Nothing Phone (3a) goes on sale today, starting at Rs 19,999

The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t

MAKE IN INDIA BRANDS

ACER INDIA PVT. LTD.

LUMINOUS POWER TECHNOLOGIES PVT. LTD.

VERSA NETWORKS INDIA PVT. LTD.

PRAMA HIKVISION INDIA PRIVATE LIMITED

EMINENT CIO'S OF INDIA

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

AGILE TECHNIQUE ENCOURAGES TEAMWORK, ADAPTABILITY, AND CONTINUOUS ITERATION

Several emerging technology trends are significant...

AIM TO PUT IA SOLUTIONS WITH A WIDE “GENERAL INTELLIGENCE” SCOPE INTO PRACTICE

Our firm is fortunate to be led by distinguished i...

ICONS OF INDIA

Icons Of India : PRATIVA MOHAPATRA

Prativa is a transformational leader with an incredible breadth of exp...

Icons Of India : Kumar Mangalam Birla

Aditya Birla Group chairman Kumar Mangalam Birla recently made a comeb...

Icons Of India : Bhavish Aggarwal

Indian entrepreneur Bhavish Aggarwal is the CEO of Ola, India’s larg...

PARTNER SPEAKERS

Leveraging New Age Technologies To Offer Personalized and Scalable Services

To navigate the 2024 and beyond evolving landscape, Rx Infotech plans to adopt...

Unwavering Commitment & Communication helping to thrive in the evolving digital landscape

We leverage a comprehensive market intelligence framework and an advanced CRM ...

Gauging Brand Awareness with Data-Driven insights

Arrow PC Network utilizes data-driven insights extensively to gauge brand awar...

PSU

C-DAC - Centre for Development of Advanced Computing

C-DAC is uniquely positioned in the field of advanced computing...

UIDAI - Unique Identification Authority of India

UIDAI and the Aadhaar system represent a significant milestone in Indi...

NPCI - National Payments Corporation of India

NPCI is an umbrella organization for operating retail payments and set...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : Cisco Systems Inc

Cisco positions itself as the company that connects people, devices, and data,...

Most Trusted Brands 2024 : Redington Ltd.

Redington positions itself as a bridge between global technology brands and re...

Most Trusted Brands 2024: WIPRO LTD.

Wipro Ltd. is a leading information technology, consulting, and business proce...

Global Indian industry

Indian Tech Talent Excelling The Tech World - RAVI KUMAR S, CEO- Cognizant

Ravi Kumar S, appointed as CEO of Cognizant in January 2023, sets the ...

Indian Tech Talent Excelling The Tech World - Rajiv Ramaswami, President & CEO, Nutanix Technologies

Rajiv Ramaswami, President and CEO of Nutanix, brings over 30 years of...

Indian Tech Talent Excelling The Tech World - AJAY BANGA, President - World Bank

Ajay Banga is an Indian-born American business executive who currently...

ITFORUM 2025

STARNITE AWARDS 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY