Microsoft has fixed a bug that allowed hackers to manipulate Bing search results and hack Office 365 accounts.
The researchers who tracked the bug were awarded $40,000.
- The flaws were reported to Microsoft in January and February 2023 by New York-based cybersecurity company Wiz.
- Researchers
pointed out that the flaw had especially affected multi-tenant
applications, enabling any Azure user to be able to log in to the
targeted application.
- One of the affected apps was a content
management system that is used to support Bing.com. The flaw enabled
hackers to modify search results and launch high-impact XSS attacks.
- The flaw enabled hackers to breach:
- Outlook emails,
- calendar data,
- messages on Teams,
- SharePoint documents and OneDrive files.
- The flaws were first tracked in January of 2023.
