Microsoft Details

    Microsoft

    Redmond, Washington • 221000 employees • Technology and cloud computing

    https://www.microsoft.com

    Industry

    Technology and cloud computing

    Security Incidents

    4

    Microsoft Corporation, founded by Bill Gates and Paul Allen in 1975, is a global technology leader headquartered in Redmond, Washington. It is renowned for its Windows operating systems and Office productivity suite, alongside a diverse range of software, services, devices, and solutions that aim to empower both individuals and businesses. Microsoft has also made significant strides in cloud computing with its Azure platform, making it one of the largest cloud service providers in the world.

    Security Incidents

    Microsoft Breach of Jan 2024
    Severity Score
    Significant

    Type

    Ransomware Attack

    Summary

    On January 12, 2024, Microsoft's security team detected a nation-state attack on their corporate systems, identified as the Russian state-sponsored actor Midnight Blizzard, also known as Nobelium. The threat actor gained access in late November 2023 through a password spray attack on a legacy non-production test tenant account, compromising a small percentage of Microsoft corporate email accounts, including those of senior leadership and employees in cybersecurity, legal, and other functions. The actor exfiltrated some emails and attached documents, initially targeting information related to M...

    Severity

    The Microsoft Exchange Online breach executed by the Chinese cyber-espionage group Storm-0558 highlighted significant vulnerabilities in Microsoft's security practices. The attack led to unauthorized access to the email accounts of U.S. and U.K. government officials, underscoring substantial security lapses despite the unsophisticated nature of the attack. With notable recommendations from the Department of Homeland Security and Microsoft's commitment to procedural improvements, the breach demonstrated a "Significant to High" severity level due to its impact on governmental entities and potent...

    Impact

    Last summer's Microsoft Exchange Online hack, attributed to the Chinese government-linked group Storm-0558, had significant repercussions. The incident primarily involved a data breach where Microsoft Services Account (MSA) keys were stolen, allowing attackers to forge authentication tokens and access targeted email accounts, including those of US and UK government officials. Notably, no systems or services were taken offline, but the breach exposed a cascade of security failures within Microsoft. The attackers leveraged basic vulnerabilities, leading to increased scrutiny about Microsoft's en...

    Microsoft Breach of Jul 2024
    Severity Score
    Significant to High

    Type

    Denial of Service (DoS) Attack

    Summary

    On July 30, 2024, Microsoft experienced a cyberattack that led to approximately ten hours of service disruption. The initial cause was a Distributed Denial-of-Service (DDoS) attack, which overwhelmed several services, including Outlook and Minecraft. An error in Microsoft’s defensive measures exacerbated the impact of the attack, leading to widespread issues across various Microsoft platforms.

    The disruption also affected services dependent on Microsoft’s infrastructure. Organizations like Cambridge Water and the HM Courts and Tribunals Service reported difficulties, and financial institution...

    Severity

    The cyber attack on Microsoft had significant repercussions, primarily due to its impact on widely used services like Outlook and Minecraft, as well as other dependent platforms. The incident originated from a Distributed Denial-of-Service (DDoS) attack on July 30, 2024, but a subsequent defensive error exacerbated the situation, extending the service disruption to nearly ten hours. Numerous entities, including financial institutions and critical services such as the HM Courts and Tribunals Service, experienced downstream effects, highlighting the widespread impact.

    Given the sophistication ...

    Impact

    The cyberattack on Microsoft on July 30, 2024, was primarily identified as a Distributed Denial-of-Service (DDoS) attack. This incident resulted in nearly ten hours of service disruptions, significantly affecting several key services like Outlook and Minecraft. While customer data exposure was not specifically mentioned, the unavailability of services caused widespread inconvenience and operational difficulties for many users and businesses that rely on Microsoft's platforms.

    Microsoft's defensive error during the attack exacerbated the outage, highlighting vulnerabilities in their mitigation...

    Microsoft Breach of Aug 2024
    Severity Score
    Low

    Type

    Other

    Summary

    On August 6, Microsoft disclosed and fully mitigated a critical information disclosure vulnerability in Microsoft Copilot Studio, tracked as CVE-2024-38206 with a CVSS score of 8.5. The vulnerability was a server-side request forgery (SSRF) flaw that allowed authenticated attackers to bypass SSRF protections and access sensitive internal infrastructure.

    Tenable, a cybersecurity firm, reported that the SSRF vulnerability in Microsoft Copilot Studio allowed external web requests. Exploiting this flaw, Tenable gained access to Microsoft’s internal services, including the Instance Metadata Servic...

    Severity

    The recent incident involving the SSRF vulnerability (CVE-2024-38206) in Microsoft Copilot Studio underscores a significant security lapse. Authenticated attackers had the potential to access critical internal infrastructure, including the Instance Metadata Service (IMDS) and Cosmos DB instances, by bypassing SSRF protections. This access allowed them to retrieve managed identity access tokens, which further enabled access to an Azure subscription's Cosmos DB endpoints with read/write permissions, posing a risk to data integrity and security.

    While the cross-tenant information was not comprom...

    Impact

    The recent incident involving the SSRF vulnerability in Microsoft Copilot Studio, identified as CVE-2024-38206, had notable implications. This server-side request forgery flaw enabled authenticated attackers to leverage external web requests to access Microsoft's internal infrastructure. Specifically, attackers accessed the Instance Metadata Service (IMDS) and Cosmos DB instances, retrieving instance metadata and managed identity access tokens.

    With these tokens, attackers gained further access to an Azure subscription, including Cosmos DB endpoints, potentially obtaining master keys and read...

    Microsoft Breach of Apr 2024
    Severity Score
    Significant

    Type

    Data Breach

    Summary

    Microsoft recently addressed a significant security lapse that exposed internal files and credentials on an Azure cloud storage server. Security researchers from SOCRadar identified the publicly accessible server, which included sensitive information related to Microsoft's Bing search engine, such as code, scripts, configuration files, passwords, and keys.

    The exposed Azure server was accessible to anyone on the internet without needing a password, potentially allowing malicious actors to locate other internal Microsoft storage sites. The researchers notified Microsoft on February 6, and the ...

    Severity

    The recent exposure of internal Microsoft files and credentials on an unprotected Azure storage server poses a significant security risk. The leaked credentials and configuration files, although temporary and now disabled, could have potentially aided malicious actors in identifying other internal storage locations or accessing additional systems. Given that this lapse follows a series of similar incidents at Microsoft, including breaches facilitated by China-backed hackers and Russian state-backed hackers, the incident reflects a concerning trend in Microsoft's cloud security posture.

    Nevert...

    Impact

    Microsoft’s recent security lapse involved an open and public Azure storage server that exposed internal files and credentials, particularly relating to their Bing search engine. The server contained sensitive code, scripts, and configuration files with passwords and keys, which were accessible without any password protection, potentially putting other internal databases and systems at risk.

    While customer data does not appear to have been exposed, the internal nature of the compromised files could significantly impact Microsoft's operations. Such access could potentially inform malicious ac...