Security News > 2020 > September > MFA Bypass Bugs Opened Microsoft 365 to Attack
Bugs in the multi-factor authentication system used by Microsoft's cloud-based office productivity platform, Microsoft 365, opened the door for hackers to access cloud applications via a bypass of the security system, according to researchers at Proofpoint.
The flaws exist in the implementation of what is called the WS-Trust specification in cloud environments where WS-Trust is enabled and used with Microsoft 365, formerly called Office 365.
"Due to the way Microsoft 365 session login is designed, an attacker could gain full access to the target's account," Itir Clarke, senior product marketing manager for Proofpoint's Cloud Access Security Broker, in a report posted online Tuesday.
She said the Microsoft implementation of the standard gives attackers a number of ways to bypass MFA and access its cloud services, paving the way for various attacks-including real-time phishing, channel hijacking and the use of legacy protocols.
The WS-Trust protocol, Proofpoint said, opens the door for attackers to exploit Microsoft 365 cloud services to multiple attack scenarios.
News URL
https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)