Microsoft’s Office 365 service is a cloud-based platform that is designed to help businesses of all sizes use the productivity software as well as manage their users. In a new report hitting the web today, a serious vulnerability was discovered that impacted every account that used cross domain authentication, but thankfully the exploit has been patched.
This vulnerability was jointly discovered by Klemen Bratec from Šola prihodnosti Maribor, and Ioannis Kakavas from Greek Research and Technology Network, and it was a flaw in the execution of SAML. The vulnerability allowed for cross-domain authentication bypass impacting all federated domains; an attacker, using this method, could gain unrestricted access to a victim’s Office 365 account, including access to their email, files stored in OneDrive etc.
If you are interested in how the vulnerability was discovered and how the flaw could be executed, I highly suggest you read the source here, as it has detailed documentation of the exploit.
After the researchers detailed the issue to Microsoft, the vulnerability was closed within seven hours of receiving the report. Seeing as the proper channels were used to report the issue, Microsoft has acknowledged the researchers and their contributions to the service, here.
Office 365 is a core pillar of Microsoft’s software and considering this vulnerability was likely rated as critical, it’s not a surprise to see it patched so quickly. The productivity platform is a core pillar of Microsoft’s revenue and the company will do everything it can to make sure that its security meets the standards that the enterprise customers demand so that the service will not become a tarnished brand.