21 Jan 2014 | #1
Microsoft closes Office 365 admin access vulnerability
The vulnerability allowed users to create administrative accounts and take over a business' Office 365 implementation.
Microsoft has closed up a cross-site scripting (XSS) vulnerability in its Office 365 offering, allowing the security researcher who discovered it to explain how it was done.
Cogmotive co-founder Alan Byrne details how the vulnerability can be exploited on his company's blog, as well as in a YouTube video demonstration.
"This is a perfect example of a very simple exploit which has a huge possibility to cause billions of dollars' worth of damage. As we move further and further into the cloud, we need to be more and more aware of the potential security risks," he wrote.
The vulnerability stems from Microsoft's failure to sanitise input fields. Under the default implementation of Office 365, users are able to change their names. As the contents of this field are not checked, users can enter HTML code.
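The failure described above (a user-editable name stored unchecked and later placed into a page) is shown here as an added example, not code from the article, Cogmotive or Microsoft. The function names, the 64-character limit and the sample names are assumptions made for illustration.

```javascript
// Added example. All identifiers are hypothetical; sample data is constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can change parsing context in element
// content and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored display name is concatenated into markup, so any
// HTML a user typed into the name field becomes part of the page that
// another user (for example an administrator) later views.
function renderRowUnsafe(user) {
  return '<tr><td title="' + user.displayName + '">' + user.displayName + '</td></tr>';
}

// After: the name is encoded at output time, in both the attribute and
// the element content, so it is always displayed as text.
function renderRowSafe(user) {
  const name = escapeHtml(user.displayName);
  return `<tr><td title="${name}">${name}</td></tr>`;
}

// Defence in depth at write time: reject angle brackets and control
// characters and cap the length (64 is an assumed limit). Apostrophes
// and ampersands stay legal because output encoding handles them.
function validateDisplayName(input) {
  const name = String(input).normalize('NFC').trim();
  if (name.length === 0 || name.length > 64) return { ok: false, reason: 'length' };
  if (/[<>\u0000-\u001f\u007f]/.test(name)) return { ok: false, reason: 'disallowed character' };
  return { ok: true, value: name };
}

// Constructed sample names: one ordinary, one containing markup.
const samples = ["Siobhán O'Neil", '<b>Test</b> "User"'];
for (const displayName of samples) {
  console.log(validateDisplayName(displayName), renderRowSafe({ displayName }));
}
```

Output encoding is the control that closes the hole; the write-time check only reduces what reaches storage and should not be relied on alone.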