Microsoft fixes ‘BingBang’ security flaw affecting Bing

0
10
1680278061 014559 1680278168 rrss normal.jpg
1680278061 014559 1680278168 rrss normal.jpg

Bing is gaining new users at breakneck speed. And much of the credit goes to the integration with GPT4, the AI ​​presented by Microsoft and that has revolutionized all kinds of sectors. But all that glitters is not gold. Without going any further, we recently announced that Bing’s AI will soon be ad-supported. In addition, Microsoft suffered a dangerous vulnerability that has affected its browser. Luckily, and as reported from the official blog of the American company, it seems that Microsoft has managed to patch this serious vulnerability that affected Bing, allowing search results to be changed. The most serious? That BingBang also allowed access to users’ personal information. BingBang is no longer a problem for Microsoft’s search engine It all comes from a researcher at Wiz security company, Hillai Ben-Sasson, who discovered this dangerous vulnerability in January. Obviously, he did not take long to notify Microsoft, which has finally just published an update on the company’s official blog in which he announces the correction made and the additional security measures taken. “Microsoft has fixed an authorization configuration bug for multi-tenant applications using Azure AD, initially discovered by Wiz, and reported to Microsoft, that affected a small number of our internal applications. The misconfiguration allowed external parties to read and write to the affected applications.” Indicates the Redmond-based company. In addition, the researcher who discovered this vulnerability has received a reward of $40,000 from Microsoft, which appreciates his help in detecting and fixing the problem. Ben-Sasson has explained in detail the bug detected in Bing and that allowed access to the CMS of the search engine to manipulate the search results. The problem is that, in addition to changing the keywords of related searches to change all kinds of search results. Worst of all, this security researcher discovered that the flaw made Bing vulnerable to XSS attacks and that personal data of Office365 users who entered their identifier in Bing could be accessed through this method. In this way, he was able to access “Outlook emails, Calendar, Teams messages and files stored in OneDrive, among other items.” Definitely a safety hazard. According to Ami Luttwak, head of technology at Wiz, such a vulnerability could have been exploited by “a nation-state trying to influence public opinion or a financially motivated hacker.” >

SEE ALSO  Huawei surprises with the first folding clamshell phone with four cameras (and one is very special)