Security News > 2021 > February > Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle
Microsoft has admitted that as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code was obtained and exfiltrated by parties unknown.
"There was no case where all repositories related to any single product or service was accessed," the update advises, adding: "There was no access to the vast majority of source code. For nearly all of code repositories accessed, only a few individual files were viewed as a result of a repository search."
"For a small number of repositories, there was additional access, including in some cases, downloading component source code," the update states.
Microsoft's security team suggests there's no reason to worry about these leaks, because the attackers went looking for secrets in code.
Which leaves us with someone out there having a small sample of Microsoft source code to assess, and an assurance that code won't cause harm to Redmond's systems.
Whether the attackers have enough code to harm the rest of us, by crafting attacks on Azure, Exchange and Intune, remains to be seen.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/19/microsoft_source_code/
Related news
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft re-releases Exchange updates after fixing mail delivery (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)