Microsoft takes pains to obscure role in 0-days that caused email breach thumbnail
Microsoft takes pains to obscure role in 0-days that caused email breach
arstechnica.com
"We don’t have any evidence that the actor exploited a 0day." the compromise resulted from three exploited vulnerabilities in either its Exchange Online email service or Azure Active Directory, an identity service that manages single sign-on and multifactor authentication for large organizations. Mi
2 Users
0 Comments
12 Highlights
12 Notes

Top Highlights

  • "We don’t have any evidence that the actor exploited a 0day."
  • the compromise resulted from three exploited vulnerabilities in either its Exchange Online email service or Azure Active Directory, an identity service that manages single sign-on and multifactor authentication for large organizations.
  • Microsoft published Tuesday, bend over backward to avoid the words “vulnerability” or “zero-day.” Instead, the company uses considerably more amorphous terms such as “issue,” “error,” and “flaw” when attempting to explain how nation-state hackers tracked the email accounts of some of the company's biggest customers.
  • This was made possible by a validation error in Microsoft code.”
  • in effect, stores the keys that thousands of organizations use to manage logins for accounts on both their internal networks and cloud-based ones.

Domain

arstechnica.com

Ready to highlight and find good content?

Glasp is a social web highlighter that people can highlight and organize quotes and thoughts from the web, and access other like-minded people’s learning.