"That model is irretrievably broken if your cloud vendor doesn't notify you of issues as they arise and apply fixes openly."
"Cloud providers have long espoused the shared responsibility model," Yoran said in a post shared on LinkedIn.
#Angry birds friends redeem code 2018 windows
The months-long delay in patching the flaw attracted scrutiny from Tenable CEO Amit Yoran, who slammed the Windows maker for being "grossly irresponsible, if not blatantly negligent." Microsoft is said to have issued an initial fix on June 7, 2023, but it wasn't until August 2, 2023, that the vulnerability was completely plugged. The cybersecurity firm said the flaw arises as a result of insufficient access control to Azure Function hosts, leading to a scenario where a threat actor could intercept OAuth client IDs and secrets, as well as other forms of authentication. Tenable, which initially discovered and reported the shortcoming to Redmond on March 30, 2023, said the problem could enable limited, unauthorized access to cross-tenant applications and sensitive data. The company further noted that no customer action is required and that it found no evidence of active exploitation of the vulnerability in the wild. "The potential impact could be unintended information disclosure if secrets or other sensitive information were embedded in the Custom Code function." "The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platform custom connectors," the tech giant said. Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform, but not before it came under criticism for its failure to swiftly act on it.
0 kommentar(er)
