Microsoft fixes Azure BingBang bug that allowed Bing search hijacking and leaked private data

Microsoft has addressed a serious flaw in Azure Active Directory which was dubbed BingBang by the security researchers that discovered it. The vulnerability not only made it possible to manipulate Bing search results, but also to access private data from Outlook, Office 365 and Teams. The issue stemmed from an Azure misconfiguration; it dates back to January this year, but Microsoft has only just plugged the hole. See also: Microsoft is bringing a new Registry Preview utility to PowerToys Microsoft releases KB5023778 update for Windows 11 bringing fixes, taskbar improvements and Start menu notifications Microsoft's Windows 12 plans revealed Security… [Continue Reading]