A flaw in Microsoft Bing could change search results

A flaw in Microsoft Bing could change search results

A serious security flaw has been found in Bing search results. Fortunately, more fear than harm.

A serious security vulnerability was recently discovered. This allows experts to purposefully modify Bing search results. The vulnerability was discovered last January by cybersecurity company Wiz, who immediately reported it to the Microsoft Security Response Center (MSRC).

Serious security vulnerability found in Bing search results

In a Twitter conversation, Wiz researcher Hillay Ben-Sasson explained how he managed to hack Bing’s content management system (CMS). By connecting to the Microsoft Azure cloud platform, he found that he could give all users access to the firm’s internal applications from Redmond. He then accessed the Bing search results database. From there, Hillay Ben-Sasson found a way to change what appears in the results as desired.

Wiz researchers also discovered that Bing is vulnerable to a cross-site scripting (XSS) attack and found that they have access to sensitive Office 365 data, including Outlook emails, from the calendar, and messages from Teams. MSRC detailed the relevant security updates and shared its best practices for Azure developers and administrators in a blog post.

Fortunately, more fear than harm

The purpose of these researchers’ experiments was to show that this is possible and share it with Microsoft. But it also shows how hackers could harm Bing. “An attacker with the same access could have hijacked the most popular search results using the same procedure and thereby leaked the data of millions of users,” the Wiz blog post says.

Fortunately, more fear than harm, so to speak, no serious damage seems to have been done. Microsoft confirmed that this vulnerability was patched over the weekend. And at the same time, Wiz received a $40,000 bounty from his bug-finding bounty program for reporting a bug. The company announced that it would donate it to an organization of its choice.

I hacked @Bing CMS, which allowed me to change search results and take over millions of @Office365 accounts.
How did I do it? Well, it all started with a simple click at @Azure … ?
This is the story of #BingBang ?⬇️ pic.twitter.com/9pydWvHhJs

— Hillai Ben-Sasson (@hillai) March 29, 2023

News
admin

Leave a Reply

Your email address will not be published. Required fields are marked *

The Best Calorie Counting Apps for iPhone and iPad in 2023
ARK: Survival Ascended, ARK: Survival Evolved Remastered with Unreal Engine 5
Repair error 0x8007001F in the Microsoft Store

Repair error 0x8007001F in the Microsoft Store

  • 19 May 2023
  • 18
After 40 years, Microsoft-branded mouse and keyboards are being phased out

After 40 years, Microsoft-branded mouse and keyboards are being phased out

  • 28 Apr 2023
  • 11
SwiftKey for iOS was dead, and now so is Bing Chat.

SwiftKey for iOS was dead, and now so is Bing Chat.

  • 14 Apr 2023
  • 7