Enlarge (credit: Aurich Lawson | Getty Images) Microsoft has escaped the recent backlash against the power and wealth of the biggest US tech companies. Despite a stock market value that has soared to more than $2 trillion on its dominance of various parts of the business software market, it has avoided a repeat of the […]
Enlarge (credit: Michael Dziedzic) A public proof-of-concept (PoC) exploit has been released for the Microsoft Azure Active Directory credentials brute-forcing flaw discovered by Secureworks and first reported by Ars. The exploit enables anyone to perform both username enumeration and password brute-forcing on vulnerable Azure servers. Although Microsoft had initially called the Autologon mechanism a “design” […]
Enlarge (credit: Michael Dziedzic) Imagine having unlimited attempts to guess someone’s username and password without getting caught. That would make an ideal scenario for a stealthy threat actor—leaving server admins with little to no visibility into the attacker’s actions, let alone the possibility of blocking them. A newly discovered bug in Microsoft Azure’s Active Directory […]
Enlarge / This isn’t how the OMIGOD vulnerability works, of course—but lightning is much more photogenic than maliciously crafted XML. (credit: Aurich Lawson | Getty Images) Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure. The new vulnerability impacts Linux virtual machines […]
Enlarge / Cosmos DB is a managed database service offering—including both relational and noSQL data structures—belonging to Microsoft’s Azure cloud infrastructure. (credit: Microsoft ) Cloud security vendor Wiz announced yesterday that it found a vulnerability in Microsoft Azure’s managed database service, Cosmos DB, that granted read/write access for every database on the service to any […]
Enlarge / In 2017, Tux was sad that he had a Microsoft logo on his chest. In 2021, he’s mostly sad that Microsoft’s repositories were down for most of a day. (credit: Jim Salter) Yesterday, packages.microsoft.com—the repository from which Microsoft serves software installers for Linux distributions including CentOS, Debian, Fedora, OpenSUSE, and more—went down hard, […]
File under “You can’t do this with 32-bit addressing”: 1,600 projects and about 300,000 individual files open at once in VS 2022. [credit: Microsoft ] Earlier today, Microsoft offered us a peek at Visual Studio 2022, which will offer its first public preview builds later this summer. If you’re into the Visual Studio ecosystem, this looks […]
Expand / Computer processor using Chinese flag, 3d conceptual case. (charge: Steve McDowell / / Agefotostock) Fortune 500 companies are not the only ones linking to cloud hosting providers such as Microsoft Azure. Increasingly, hackers operating on behalf of the Chinese authorities will also be hosting their resources at the cloud, and that is keeping […]