Huge Microsoft exploit allowed users to manipulate Bing search results and access Outlook email accounts

Microsoft has since patched the “BingBang” exploit and made changes to reduce the chance of similar vulnerabilities occurring. | Illustration: Beatrice Sala

A dangerous vulnerability was detected in Microsoft’s Bing search engine earlier this year that allowed users to alter search results and access other Bing users’ private information from the likes of Teams, Outlook, and Office 365. Back in January, security researchers at Wiz discovered a misconfiguration in Azure — Microsoft’s cloud computing platform — that compromised Bing, allowing any Azure user to access applications without authorization.

The vulnerability was detected in the Azure Active Directory (AAD) identity and access management service. Applications using the platform’s multi-tenant permissions are accessible by any Azure user, requiring developers to validate which users can access their apps. This responsibility isn’t...
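
The developer-side validation described above, as an added Python example that is not code from the article, Wiz, or Microsoft. It assumes a JWT library has already verified the token's signature and expiry; `aud`, `tid`, `iss` and `oid` are standard Azure AD token claims, while the GUIDs and function names are constructed placeholders.

```python
# Added example. Assumption: a JWT library has already verified the token's
# signature and expiry; `claims` is the decoded payload of a v2.0 token.
ISSUER = "https://login.microsoftonline.com/{tid}/v2.0"

# Constructed placeholder values, not taken from the article.
APP_CLIENT_ID = "aaaaaaaa-0000-0000-0000-000000000001"
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
ALLOWED_TENANTS = frozenset({HOME_TENANT})


class AccessDenied(Exception):
    """Token is authentic but its holder is not authorized for this app."""


def authorize(claims, audience=APP_CLIENT_ID, allowed_tenants=ALLOWED_TENANTS):
    """Return (tenant_id, object_id) for an authorized caller, else raise."""
    if claims.get("aud") != audience:
        raise AccessDenied("token was issued for a different application")
    tid = str(claims.get("tid", "")).lower()
    if tid not in allowed_tenants:
        # The check a multi-tenant app must add itself: the platform will
        # issue tokens to users of any tenant.
        raise AccessDenied(f"tenant {tid or '<missing>'} is not allow-listed")
    if claims.get("iss") != ISSUER.format(tid=tid):
        raise AccessDenied("issuer does not match the tenant claim")
    oid = claims.get("oid")
    if not oid:
        raise AccessDenied("token carries no user object id")
    return tid, oid


def is_allowed(claims):
    """Boolean wrapper around authorize() for use in request handlers."""
    try:
        authorize(claims)
        return True
    except AccessDenied:
        return False


def sample_claims(tid, iss_tid=None):
    """Build constructed claims for a user in tenant `tid`."""
    return {"aud": APP_CLIENT_ID, "tid": tid, "oid": "user-" + tid[:8],
            "iss": ISSUER.format(tid=iss_tid or tid)}


if __name__ == "__main__":
    for label, c in [("home tenant", sample_claims(HOME_TENANT)),
                     ("other tenant", sample_claims(OTHER_TENANT)),
                     ("mismatched iss", sample_claims(HOME_TENANT, OTHER_TENANT))]:
        print(f"{label:15} -> {'allow' if is_allowed(c) else 'deny'}")
```

A validly signed token from another tenant passes signature checks but is rejected here, which is the distinction between authentication by the platform and authorization by the app.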
