Bing vulnerability made it possible to alter search results
A major security exploit that let researchers change Bing search results was revealed this week.
The vulnerability was discovered in January by cybersecurity research company Wiz and reported to the Microsoft Security Response Center (MSRC).
In a Twitter thread, Wiz researcher Hillai Ben-Sasson explained how he was able to hack into Bing's content management system (CMS). By logging into Microsoft's cloud computing platform Azure, he discovered that he could grant all users access to internal Microsoft apps. He then accessed a database of Bing's search results. From there, Ben-Sasson figured out that he could actually modify what showed up in the results.
Wiz researchers also discovered that Bing was vulnerable to a Cross-Site Scripting (XSS) attack and found they had access to sensitive Office 365 data, including Outlook emails, Calendar information, and Teams messages. MSRC detailed security updates and shared recommendations for Azure AD admins and developers in its blog post.
The purpose of the researchers' experiment was to show that this was possible and to share their findings with Microsoft. But it shows how malicious hackers could have wreaked havoc on Bing.
"A malicious actor with the same access could’ve hijacked the most popular search results with the same payload and leak sensitive data from millions of users," said the Wiz blog post. Luckily it was caught before any major damage was done.
Microsoft confirmed that it has been fixed as of March 29. Wiz received a $40,000 "bug bounty" for reporting the vulnerability, which it plans to donate to an unspecified recipient.