Security News > 2021 > February > Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle
Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code was obtained and exfiltrated by parties unknown.
"There was no case where all repositories related to any single product or service was accessed," the update advises, adding: "There was no access to the vast majority of source code. For nearly all of code repositories accessed, only a few individual files were viewed as a result of a repository search."
"For a small number of repositories, there was additional access, including in some cases, downloading component source code," the update states.
Microsoft's security team suggests there's no reason to worry about these leaks, because the attackers went looking for secrets in code.
Which leaves us with someone out there having a small sample of Microsoft source code to assess, and an assurance that code won't cause harm to Redmond's systems.
Whether the attackers have enough code to harm the rest of us, by crafting attacks on Azure, Exchange and Intune, remains to be seen.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/19/microsoft_source_code/
Related news
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)