Microsoft Patches Office 365 Platform Against SAML Exploit

  • 28 April 2016

Userlevel 7
Badge +54

Attackers could have logged into any Office 365 domain

 
 
Apr 28, 2016 16:00 GMT  ·  By Catalin Cimpanu

Within seven hours of being notified of a serious authentication bypass flaw in its SAML system for the Office 365 platform, Microsoft issued a temporary patch and started work on a permanent fix to address the issue, two security researchers have revealed today.
 
SAML is short for Security Assertion Markup Language, an XML-based standard that governs how two parties talk to each other for the purpose of authenticating and authorizing users to access various resources.
 
Full Article

4 replies

Userlevel 7
Ouch...that has got to hurt but all kudos for the speed of response that Microsoft have shown with regard to this one. As an Office 365 user I definitely applaud that.
Userlevel 7
Badge +25
Massive security flaw found in Microsoft Office 365 leaving world's largest companies exposed
April 29, 2016 12:13 BST
 
Two security researchers have discovered a huge flaw that enables attackers to access all accounts and files in a company's Office 365 subscription
 
Two independent European security researchers have discovered a massive security flaw in Microsoft's Office 365 product that would make it possible for an attacker to gain unrestricted access to almost any business account and access company Outlook Online email accounts, Skype for Business, OneNote and OneDrive online storage.
 
In December 2015, Ioannis Kakavas, from the Greek Research and Technology Network, and Klemen Bratec, from Šola prihodnosti Maribor in Slovenia, notified Microsoft that they had discovered a severe vulnerability affecting how Microsoft Office 365 handles federated identities via Security Assertion Markup Language (SAML) Service Provider implementation.
 
 
How the flaw was possible (read full article below)
 
http://www.ibtimes.co.uk/massive-security-flaw-found-microsoft-office-365-leaving-worlds-largest-companies-exposed-1557458
 
Under this article was
Userlevel 7
Badge +36
Thanks for the Peek-a-Boo Julie... an interesting read!
Userlevel 7
Badge +25
Hi ? 
 
You're welcome 😉
