MY BRAND BOOK Microsoft fixes flaw after Tenable CEO calls it ‘grossly irresponsible’

Microsoft fixes flaw after Tenable CEO calls it ‘grossly irresponsible’

By MYBRANDBOOK

After being called "grossly irresponsible" by Tenable’s CEO, Microsoft has fixed a security flaw in the Power Platform Custom Connectors feature that let unauthenticated attackers access cross-tenant applications and Azure customers' sensitive data.

The root cause of the issue stemmed from inadequate access control measures for Azure Function hosts launched by connectors within the Power Platform. These connectors use custom C# code integrated into a Microsoft-managed Azure Function featuring an HTTP trigger.

The API endpoints facilitated requests to the Azure Function without enforcing authentication, although customer interaction with custom connectors usually happens via authenticated APIs. This created an opportunity for attackers to exploit unsecured Azure Function hosts and intercept OAuth client IDs and secrets.

"It should be noted that this is not exclusively an issue of information disclosure, as being able to access and interact with the unsecured Function hosts, and trigger behavior defined by custom connector code, could have further impact," says Tenable.

Tenable discovered the flaw and reported it on March 30th.

"However, because of the nature of the service, the impact would vary for each individual connector, and would be difficult to quantify without exhaustive testing,” it further added.

"To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank. They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft," Tenable CEO Amit Yoran explained.

Tenable also shared proof of concept exploit code and information on the steps required to find vulnerable connector hostnames and how to craft the POST requests to interact with the unsecured API endpoints.

Microsoft resolved the issue for all customers on August 2nd after an initial fix deployed by Redmond on June 7th was tagged by Tenable as incomplete.

"This issue has been fully addressed for all customers and no customer remediation action is required," Microsoft said.

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

Technology empowering people stay connected in un-touch world

Big Data and Cyber Security Brings Newer Challenges for WFH

We have to continue our efforts to drive the country

Entire communications is moving towards Webinar :Age of Discovery

India to be the top destination for companies moving out of China

INTERVIEWS

Autodesk continually pushing the boundaries in the Design and

In India, 88% of Indian business leaders are planning to inves

As we move through 2024, it has become increasingly clear that AI is not ju

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

A good amount of R&D works and global support services are operated out of

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

POLYCAB INDIA PVT. LTD

TP-LINK INDIA PVT. LTD.

BEETEL TELETECH LTD.

SAMSUNG INDIA ELECTRONICS LTD.

EMINENT CIO'S OF INDIA

SUSTAINING SUCCESS BY DELIVERING VALUE TO CUSTOMERS

This includes conducting regular audits, risk asse...

AGILE TECHNIQUE ENCOURAGES TEAMWORK, ADAPTABILITY, AND CONTINUOUS ITERATION

Several emerging technology trends are significant...

AI TO IMPROVE INSIGHTS THROUGH AUGMENTED ANALYTICS, WHILE EDGE COMPUTING TO ALLOW REAL-TIME PROCESSING

For the fiscal year 2024-25, our organization has ...

ICONS OF INDIA

ICONS OF INDIA : RAJESH NAMBIAR

Rajesh leads the company’s India associates and enhances relationshi...

Icons Of India : B.V.R. Subrahmanyam

A 1987 batch (Chhattisgarh cadre) Indian Administrative Service Office...

ICONS OF INDIA : ROSHNI NADAR MALHOTRA

Roshni Nadar Malhotra is the Chairperson of HCLTech, a leading global ...

PARTNER SPEAKERS

"Keep IT Simple" with dedication to Quality

BM Infotrade prioritizes its motto of “Keep IT Simple”, with this it stand...

Aiming To Elevate Value Proposition With Strategic Initiatives

Inflow Technologies leverages data-driven insights to gauge brand awareness an...

Enhanced Skills & Expertise helping to better serve customers and stay ahead of the curve

Feedback Forms: Conducting surveys and collecting feedback from customers is a...

PSU

IOCL - Indian Oil Corporation Ltd.

IOCL is India’s largest oil refining and marketing company ...

NPCI - National Payments Corporation of India

NPCI is an umbrella organization for operating retail payments and set...

C-DOT - Center of Development of Telematics

India’s premier research and development center focused on telecommu...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024: HCL TECHNOLOGIES LTD.

HCL Technologies Ltd. (HCLTech) has been at the forefront of technological inn...

Most Trusted Brands 2024 : Ingram Micro India

Ingram Micro India’s strong brand connection is built on its distribution ne...

Most Trusted Brands 2024: Infosys Ltd.

Infosys, leverages emerging technologies and digital capabilities to help clie...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Steve Sanghi, Executive Chair, Microchip

Steve Sanghi, the Executive Chair of Microchip Technology, has been a ...

Indian Tech Talent Excelling The Tech World - George Kurian, CEO, Netapp

George Kurian, the CEO of global data storage and management services ...

Indian Tech Talent Excelling The Tech World - ANJALI SUD, CEO – Tubi

Anjali Sud, the former CEO of Vimeo, now leads Tubi, Fox Corporation�...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY