Wednesday, September 06, 2023
March 12, 2024 update As part of our continued commitment to transparency and trust outlined in Microsoft’s Secure Future Initiative, we are providing further information as it relates to our ongoing investigation. This new information does not change the customer guidance we previously shared, nor have our ongoing investigations revealed additional impact to Microsoft or our customers.
Wednesday, September 06, 2023
本ブログは、Results of Major Technical Investigations for Storm-0558 Key Acquisition の抄訳版です。最新の情報は原文を参照してください。 ** 2024 年 3
Tuesday, June 20, 2023
本ブログは、Potential Risk of Privilege Escalation in Azure AD Applications の抄訳版です。最新の情報は原文を参照してください。 概要
Tuesday, June 20, 2023
Summary Microsoft has developed mitigations for an insecure anti-pattern used in Azure AD (AAD) applications highlighted by Descope, and reported to Microsoft, where use of the email claim from access tokens for authorization can lead to an escalation of privilege. An attacker can falsify the email claim in tokens issued to applications.
Thursday, March 30, 2023
本ブログは、Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD の抄訳版です。最新の情報は原文を参照してください
Wednesday, November 13, 2019
Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone.
