Microsoft fixes Azure flaw that was subject of researcher criticism

Published August 7, 2023

Microsoft has publicly confirmed that a potentially dangerous flaw in the Azure public cloud platform – which was the subject of a full and frank attack on the firm’s vulnerability reporting and disclosure processes by Tenable CEO Amit Yoran last week – has been fully addressed for all affected users.

Microsoft had already told Computer Weekly that a fix had been issued and that no further action was necessary. However, since then, it has issued a wider statement on the matter.

In this statement, Microsoft said that all affected customers were notified about the issue via the Microsoft 365 Admin Centre beginning on Thursday 4 August 2023. The notification was sent using a Data Privacy tag, meaning only users with the global admin role or a Message Centre privacy reader role can view it. Customers that did not receive any notification can safely assume they need do nothing further.

Full technical details of the flaw have still not been released, pending a full disclosure which, at the time of writing, remains scheduled for late September. The bug exists within Power Platform Custom Connectors using Custom Code, a feature that allows users to write their own code for custom connectors.

“The vulnerability could lead to unauthorised access to Custom Code functions used for Power Platform custom connectors. The potential impact could be unintended information disclosure if secrets or other sensitive information were embedded in the Custom Code function,” wrote the Microsoft Security Response Centre (MSRC) team. 

“Our investigation into the report identified anomalous access only by the security researcher that reported the incident, and no other actors,” they added.

Tenable had initially reported the flaw to Microsoft at the end of March, and Yoran’s outspoken remarks – initially made in a post to social media platform LinkedIn – came after the organisation grew increasingly frustrated at the length of time it was taking to issue a fix and disclose the vulnerability.

Yoran said this lengthy process – now over 120 days – was putting Tenable’s customers at risk. Not only that, he added, but they had “no idea” they were at risk and could not make an informed decision about compensating controls or other mitigations.

“Microsoft claims that they will fix the issue by the end of September, four months after we notified them. That’s grossly irresponsible, if not blatantly negligent. We know about the issue, Microsoft knows about the issue, and hopefully threat actors don’t,” he said.

The MSRC said that the initial fix, which went live on 7 June, had mitigated the issue for the majority of customers, but subsequent investigation had uncovered that a small subset of Custom Code in a soft deleted state – which exists to enable quick recovery should someone accidentally hit the backspace key – was still affected. Work to address this issue was completed by Wednesday 2 August.

“As part of preparing security fixes, we follow an extensive process involving thorough investigation, update development, and compatibility testing. Ultimately, developing a security update is a delicate balance between speed and safety of applying the fix and quality of the fix,” said Microsoft.

“Moving too quickly could result in more customer disruption, in terms of availability, than the risk customers bear from an embargoed security vulnerability. The purpose of an embargo period is to provide time for a quality fix. Not all fixes are equal. Some can be completed and safely applied very quickly, others can take longer.

“In order to protect our customers from an exploit of an embargoed security vulnerability, we also start to monitor any reported security vulnerability of active exploitation and move swiftly if we see any active exploit,” it said.

The MSRC team reiterated that Microsoft “appreciates” being part of an ecosystem focused on protecting customers, and the work that the security community puts in to help research and disclose vulnerabilities.

Responding to the MSRC statement, Tenable’s Amit Yoran said: “It now appears that it was either fixed [last week] or we were blocked from testing. We don’t know the fix, or mitigation, so hard to say if it’s truly fixed or if Microsoft had put a control in place like a firewall rule or ACL to block us.

“When we find vulns in other products, vendors usually inform us of the fix so we can validate it effectively. With Microsoft Azure that doesn’t happen, so it’s a black box, which is also part of the problem. The ‘just trust us’ lacks credibility with the current track record,” he added.
