
Azure AD Multi-Tenant Vulnerability and “BingBang”

March 30, 2023

By Mike Walters

Security experts at Wiz recently identified numerous misconfigured Azure AD applications in public-facing corporate websites and some general-purpose applications. It is important to note that this is not a bug within Azure AD, but rather a result of developers not fully understanding certain functionality, including those at Microsoft.

In a specific instance involving Microsoft, Wiz researchers were able to ethically hack into the Bing search engine and successfully modify its search results. This feat was aptly dubbed “BingBang.” Furthermore, when combined with another attack method (XSS), it could be used to access sensitive information from any Office 365 user authenticated with Bing for the purpose of searching within corporate emails and other data. Microsoft reportedly rewarded the Wiz researchers with a $40,000 bug bounty for their discovery.

For those utilizing Azure AD, the question now is: how does this impact your environment? In short, if you have any Azure AD applications (third-party or your own) configured as multi-tenant, yes, your environment may be vulnerable. Begin by examining your Azure AD for potentially vulnerable applications using the following Azure CLI command:

az ad app list --filter "(signInAudience eq 'AzureADMultipleOrgs' or signInAudience eq 'AzureADandPersonalMicrosoftAccount')" --query "[?web && web.homePageUrl].{AppName:displayName, AppID:appId, AppURL:web.homePageUrl}"

If this query returns any results, assess each application individually. The most straightforward solution is to switch them to single-tenant authentication, which will disable access for external users. If specific external users need access, carefully review and configure the appropriate access levels.
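The following is an added example, not code from the Action1 post or from Wiz or Microsoft. It works through the same triage on the JSON that `az ad app list` returns and then the two remediation paths the post describes: flipping a registration to single-tenant, or, for an app that genuinely must accept users from other tenants, enforcing an explicit tenant allowlist inside the application's own token validation (a multi-tenant registration makes Azure AD issue tokens for any tenant's users, so that check is the application's job). It goes slightly beyond the CLI command above: the command's `--query` keeps only apps with a web homepage URL, while `classify_apps` also reports multi-tenant registrations that have none. The app registrations, tenant IDs and token claims are constructed sample data; `remediation_commands` and `tenant_is_trusted` are hypothetical helper names, and the `az ad app update --sign-in-audience` option is assumed to exist in the installed CLI version.

```python
"""Added example (not from the Action1 post, Wiz or Microsoft).

classify_apps()        - same selection as the az CLI command in the post, over its JSON output,
                         but also listing multi-tenant apps without a web homepage URL.
remediation_commands() - hypothetical helper building the az command that makes an app single-tenant.
tenant_is_trusted()    - the allowlist check a multi-tenant app must add itself when it has to
                         keep accepting a fixed set of external tenants.
All sample data below is constructed.
"""
import json

MULTI_TENANT_AUDIENCES = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}

# Constructed sample in the shape of the Graph application objects `az ad app list` returns.
SAMPLE_AZ_OUTPUT = json.dumps([
    {"displayName": "Corp Portal", "appId": "00000000-0000-0000-0000-000000000001",
     "signInAudience": "AzureADMultipleOrgs",
     "web": {"homePageUrl": "https://portal.example.com"}},
    {"displayName": "Internal API", "appId": "00000000-0000-0000-0000-000000000002",
     "signInAudience": "AzureADMultipleOrgs",
     "web": {"homePageUrl": None}},
    {"displayName": "HR App", "appId": "00000000-0000-0000-0000-000000000003",
     "signInAudience": "AzureADMyOrg",
     "web": {"homePageUrl": "https://hr.example.com"}},
    {"displayName": "Mobile Client", "appId": "00000000-0000-0000-0000-000000000004",
     "signInAudience": "AzureADandPersonalMicrosoftAccount",
     "web": {}},
])

# Constructed tenant IDs for the token check.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
PARTNER_TENANT = "22222222-2222-2222-2222-222222222222"
FOREIGN_TENANT = "33333333-3333-3333-3333-333333333333"


def classify_apps(az_json: str) -> dict:
    """Bucket `az ad app list` output the way a reviewer works through it."""
    result = {"multi_tenant_with_homepage": [], "multi_tenant_other": [], "single_tenant": []}
    for app in json.loads(az_json):
        entry = {"AppName": app.get("displayName"), "AppID": app.get("appId")}
        if app.get("signInAudience") not in MULTI_TENANT_AUDIENCES:
            result["single_tenant"].append(entry)
            continue
        home = (app.get("web") or {}).get("homePageUrl")  # the post's --query needs this to be set
        if home:
            entry["AppURL"] = home
            result["multi_tenant_with_homepage"].append(entry)
        else:
            result["multi_tenant_other"].append(entry)
    return result


def remediation_commands(classified: dict) -> list:
    """Hypothetical helper: one `az ad app update` per flagged app, switching it to single-tenant.
    Assumes the installed az CLI supports --sign-in-audience; review each app before running."""
    cmds = []
    for bucket in ("multi_tenant_with_homepage", "multi_tenant_other"):
        for entry in classified[bucket]:
            cmds.append(f"az ad app update --id {entry['AppID']} --sign-in-audience AzureADMyOrg")
    return cmds


def tenant_is_trusted(claims: dict, allowed_tenant_ids: set) -> bool:
    """Allowlist check for an app that must stay multi-tenant.

    Runs after the JWT library has verified signature, audience and expiry:
    the token's `tid` must be an allowed tenant, and the v2.0 issuer must name
    that same tenant (issuer format: https://login.microsoftonline.com/{tid}/v2.0).
    """
    tid = claims.get("tid")
    if not tid or tid not in allowed_tenant_ids:
        return False
    return claims.get("iss") == f"https://login.microsoftonline.com/{tid}/v2.0"


def _claims(tid: str, iss_tid: str = None) -> dict:
    """Build constructed sample claims (only the fields the check reads)."""
    return {"tid": tid, "iss": f"https://login.microsoftonline.com/{iss_tid or tid}/v2.0"}


if __name__ == "__main__":
    buckets = classify_apps(SAMPLE_AZ_OUTPUT)
    print(json.dumps(buckets, indent=2))
    for cmd in remediation_commands(buckets):
        print(cmd)
    print(tenant_is_trusted(_claims(PARTNER_TENANT), {HOME_TENANT, PARTNER_TENANT}))  # True
    print(tenant_is_trusted(_claims(FOREIGN_TENANT), {HOME_TENANT, PARTNER_TENANT}))  # False
```

Run it against a saved copy of the real CLI output (`az ad app list --all > apps.json`) by passing that file's contents to `classify_apps`; the `multi_tenant_other` bucket is the set the post's command would not have shown.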
