Download Certificate- CMOs | ECIO | Most Admired Brand | Most Trusted Company

Microsoft fixes flaw after Tenable CEO calls it ‘grossly irresponsible’


By MYBRANDBOOK


Microsoft fixes flaw after Tenable CEO calls it ‘grossly irresponsible’

After being called "grossly irresponsible" by Tenable’s CEO, Microsoft has fixed a security flaw in the Power Platform Custom Connectors feature that let unauthenticated attackers access cross-tenant applications and Azure customers' sensitive data.  

 

The root cause of the issue stemmed from inadequate access control measures for Azure Function hosts launched by connectors within the Power Platform. These connectors use custom C# code integrated into a Microsoft-managed Azure Function featuring an HTTP trigger. 

 

The API endpoints facilitated requests to the Azure Function without enforcing authentication, although customer interaction with custom connectors usually happens via authenticated APIs. This created an opportunity for attackers to exploit unsecured Azure Function hosts and intercept OAuth client IDs and secrets. 

 

"It should be noted that this is not exclusively an issue of information disclosure, as being able to access and interact with the unsecured Function hosts, and trigger behavior defined by custom connector code, could have further impact," says Tenable.  

 

 Tenable discovered the flaw and reported it on March 30th. 

 

"However, because of the nature of the service, the impact would vary for each individual connector, and would be difficult to quantify without exhaustive testing,” it further added. 

 

"To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank. They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft," Tenable CEO Amit Yoran explained. 

 

Tenable also shared proof of concept exploit code and information on the steps required to find vulnerable connector hostnames and how to craft the POST requests to interact with the unsecured API endpoints. 

 

Microsoft resolved the issue for all customers on August 2nd after an initial fix deployed by Redmond on June 7th was tagged by Tenable as incomplete. 

 

"This issue has been fully addressed for all customers and no customer remediation action is required," Microsoft said. 
 BREAKING NEWS  BREAKING NEWS
India-Made Micron Semiconductor Chips Are About To Enter Internat

India-Made Micron Semiconductor Chips Are About To Enter Internat...

In the first half of2025, the semiconductor packaging division of Micron T...

Indian startup OneAIChat announces unified interface for leading

Indian startup OneAIChat announces unified interface for leading ...

An Indian startup, OneAIChat has built a multi-modal AI aggregator to sav...

TCS and AWS to accelerate customers’ cloud migration and offer

TCS and AWS to accelerate customers’ cloud migration and offer ...

Tata Consultancy Services has forged a strategic alliance with Amazon Web...

ESET provides enhanced enterprise security through a newly develo

ESET provides enhanced enterprise security through a newly develo...

ESET is pleased to present the ESET Mobile Threat Defence module (EMTD) ...

 TECHNO TRENDS  Placeholder image
Microsoft to build a new data centre to support Thailand's tec

Microsoft to build a new data centre to support Thailand's tec

Microsoft has revealed intentions to construct a regional data centre as w...

SAP launches cloud services to help Indian scaleups innovate m

SAP launches cloud services to help Indian scaleups innovate m

SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...

Denodo and Sonata form alliance to unlock data-to-value creati

Denodo and Sonata form alliance to unlock data-to-value creati

Denodo and Sonata Information Technology India Limited (SITL) have annou...

Google Play Store will now let users download two apps simulta

Google Play Store will now let users download two apps simulta

Google Play Store now lets users download two apps simultaneously. While a...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
Airtel Xstream Play strengthens regional content library, part

Airtel Xstream Play strengthens regional content library, part

ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as

ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as

The Enforcement Directorate (ED) has seized businessman Raj Kundra's pro
Salman Khan trolled for singing with B Praak at Anant Ambani's

Salman Khan trolled for singing with B Praak at Anant Ambani's

To celebrate Mukesh Ambani's youngest son Anant Ambani’s 29th birthday

 MOVERS & SHAKERS  Placeholder image
UiPath ropes in Raghu Malpani as Chief Technology Officer

UiPath ropes in Raghu Malpani as Chief Technology Officer

DigiCert names Atri Chatterjee as CMO

DigiCert names Atri Chatterjee as CMO

DigiCert has announced the appointment of Atri Chatterjee as Chief Market
Amagi names its Chief Product Officer

Amagi names its Chief Product Officer

Amagi announced the appointment of Richard Perkett as its Chief Product Of
 OPEN YOUR EYES  Placeholder image

Growing cyberattacks is a raising concern ,it’s time to evaluate cloud-first strategy
Business continuity is the most valuable asset for financial institutions
Payment industry is eyeing Asia as attractive for V.C. investors amid COVID-19
Newer Technology Solutions To Ensure Business Continuity During COVID-19
The disruption in the technology demands to ensure business continuity
 INTERVIEWS  Placeholder image
Committed to follow future roadmap with 'Make-in-India' 2.0 Vi

Committed to follow future roadmap with 'Make-in-India' 2.0 Vi

CommScope celebrates its 25 years of legacy in India by contin

CommScope celebrates its 25 years of legacy in India by contin

A strong brand must also reflect the company values and speak exactly what

InstaSafe’s growth has always been determined by its custome

InstaSafe’s growth has always been determined by its custome

With the epidemic, India became a major global market, and in the years 202
 HOT PICK  Placeholder image
Lenovo launches IdeaPad Pro 5i in India with Intel Core Ultra

Lenovo launches IdeaPad Pro 5i in India with Intel Core Ultra

COLORFUL rolls out an array of gaming laptops

COLORFUL rolls out an array of gaming laptops

COLORFUL launched its incredible series of COLORFUL EVOL P15 gaming laptop
Dell Technologies launches new AI-powered commercial PC portfo

Dell Technologies launches new AI-powered commercial PC portfo

Dell Technologies has launched the broadest portfolio of commercial AI lap
 MAKE IN INDIA BRANDS   Placeholder image
TALLY SOLUTIONS PVT. LTD.

TALLY SOLUTIONS PVT. LTD.


SAFE SECURITY SERVICES PVT. LTD.

SAFE SECURITY SERVICES PVT. LTD.


OPTIEMUS INFRACOM

OPTIEMUS INFRACOM


  GLOBUS INFOCOM LTD.   

  GLOBUS INFOCOM LTD.   


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

Preparing People & Businesses combat ever-evolving Cyber Threats with constant innovation  

We are also building capacity for proactive threat...

Leveraging cutting-edge technologies for business agility

As a technology leader, I manage technical project...

Redefining the business needs equipping with latest trends 

The development of connected vehicles and infrastr...

 ICONS OF INDIA  Placeholder image

Technology Icons Of India 2023: Dr. Sanjay Bahl

Sanjay Bahl is currently with the Indian Computer Emergency Response T...

Technology Icons Of India 2023: C P Gurnani

CP Gurnani (popularly known as ‘CP’ within his peer group), is the...

Technology Icons Of India 2023: Ajit Balakrishnan

The Company markets specific channels, community features, local langu...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Creating a valuable and profitable long term business relationship to scale business growth

iValue is the center of the ecosystem, where it connects its channel partners ...

RAH infotech bolstering its position as a leading VAD with its commitment to excellence

The future of the IT industry in India is promising, with several trends and f...

Arrow PC Network Empowering Businesses with Visionary Technology Solutions for a Brighter Future

Being in the IT Sector for more than 30 years, the Founder & MD of Arrow PC Ne...

 PSU  Placeholder image

GSTN aims to integrate indirect tax ecosystem on a shared IT infrastructure  

Goods and Services Tax Network (GSTN) has built Indirect Taxation plat...

TCIL continues to strengthen India with its technology expertise  

TCIL undertakes consultancy & turnkey projects in the field of Telecom...

INDIANOIL helps reach precious petroleum fuels to every nook and corner of the country 

IndianOil, a diversified, integrated energy major with presence in alm...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2023 : Apple India Pvt. Ltd.

Apple’s brand awareness is among the top of all other global tech companies....

Most Trusted Brands 2023 : LTImindtree

LTIMindtree is a global technology consulting and digital solutions company t...

Most Trusted Brands 2023 : Dell Technologies India Pvt. Ltd.    

Dell Technologies helps organizations and individuals build their digital futu...

 Value-Added Distribution  Value-Added Distribution

SAVEX TECHNOLOGIES PVT. LTD.

Savex Technologies is the 3rd largest Information & Communication Tec...

ADITYA INFOTECH LTD.

Aditya Infotech Ltd. (AIL) – the technology arm of Aditya Group, is ...

FORTUNE MARKETING PVT. LTD.

Delhi based Fortune Marketing, An ISO 9001:2008 company, distributes ...

 ITFORUM 2024  
 WIITF 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 EMINENT CIO's OF INDIA   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
 TECHNOLOGY DISRUPTION Placeholder image

Where are we after one year since lockdown

Where are we after one year since lockdown

The hybrid work culture resulted in enhanced opportunities for women

The hybrid work culture resulted in enhanced opportunities for women

Nutanix reports 90% of enterprises in APJ are Prioritizing AI solutions

Nutanix reports 90% of enterprises in APJ are Prioritizing AI solutions

Digital Transformation will continue to be the double edged sword in 2021

Digital Transformation will continue to be the double edged sword in 2021

 UNICORNS REVOLUTIONISING Placeholder image

Eruditus Learning Solutions Private Limited

Eruditus Learning Solutions Private Limited

A&A DUKAAN FINANCIAL SERVICES PRIVATE LIMITED

A&A DUKAAN FINANCIAL SERVICES PRIVATE LIMITED

Lenskart Solutions Private Limited

Lenskart Solutions Private Limited

Delhivery Private Limited

Delhivery Private Limited


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW