"Some can be completed and safely applied very quickly, others can take longer. "Not all fixes are equal," it further added. The tech giant, in its own alert, said it follows an extensive process of investigating and deploying fixes and that "developing a security update is a delicate balance between speed and safety of applying the fix and quality of the fix." "What you hear from Microsoft is 'just trust us,' but what you get back is very little transparency and a culture of toxic obfuscation." Learn how to secure your corporate SaaS applications and protect your data, even after a breach. "That model is irretrievably broken if your cloud vendor doesn't notify you of issues as they arise and apply fixes openly." UPCOMING WEBINARÄetect, Respond, Protect: ITDR and SSPM for Complete SaaS SecurityÄiscover how Identity Threat Detection & Response (ITDR) identifies and mitigates threats with the help of SSPM. "Cloud providers have long espoused the shared responsibility model," Yoran said in a post shared on LinkedIn. The months-long delay in patching the flaw attracted scrutiny from Tenable CEO Amit Yoran, who slammed the Windows maker for being "grossly irresponsible, if not blatantly negligent." Microsoft is said to have issued an initial fix on June 7, 2023, but it wasn't until August 2, 2023, that the vulnerability was completely plugged. The cybersecurity firm said the flaw arises as a result of insufficient access control to Azure Function hosts, leading to a scenario where a threat actor could intercept OAuth client IDs and secrets, as well as other forms of authentication. Tenable, which initially discovered and reported the shortcoming to Redmond on March 30, 2023, said the problem could enable limited, unauthorized access to cross-tenant applications and sensitive data. The company further noted that no customer action is required and that it found no evidence of active exploitation of the vulnerability in the wild. "The potential impact could be unintended information disclosure if secrets or other sensitive information were embedded in the Custom Code function." "The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platform custom connectors," the tech giant said. Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform, but not before it came under criticism for its failure to swiftly act on it.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |