Security News > 2021 > February > Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle

Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code was obtained and exfiltrated by parties unknown.

"There was no case where all repositories related to any single product or service was accessed," the update advises, adding: "There was no access to the vast majority of source code. For nearly all of code repositories accessed, only a few individual files were viewed as a result of a repository search."

"For a small number of repositories, there was additional access, including in some cases, downloading component source code," the update states.

Microsoft's security team suggests there's no reason to worry about these leaks, because the attackers went looking for secrets in code.

Which leaves us with someone out there having a small sample of Microsoft source code to assess, and an assurance that code won't cause harm to Redmond's systems.

Whether the attackers have enough code to harm the rest of us, by crafting attacks on Azure, Exchange and Intune, remains to be seen.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/02/19/microsoft_source_code/