This week’s revelations revealed a significant security vulnerability that allowed researchers to change Bing search results.
Wiz, a cybersecurity company, discovered the vulnerability in January and reported it to Microsoft Security Response Center (MSRC).
Hillai Ben-Sasson, a Wiz researcher, explained in a Twitter thread how he was capable of hacking into Bing’s content-management system (CMS). After logging in to Microsoft’s cloud computing service Azure, he found that all users could access internal Microsoft apps. Then he accessed a Bing search result database. Ben-Sasson discovered that he could modify the results.
Wiz researchers also found that Bing was susceptible to Cross-Site Scripting attack. They had access Office 365 data such as Outlook emails, Calendar information, Teams messages, and more. MSRC shared security updates with Azure AD developers in a blog post.
Use the best VPN to protect your privacy
The researchers conducted the experiment to prove it was possible. They also shared their findings with Microsoft. It didn’t…