Microsoft has recently addressed a significant security vulnerability that had persisted for five months within its Azure platform. The issue was resolved after Microsoft faced criticism over its alleged negligence in addressing the vulnerability’s impact on user security.
The vulnerability was identified within the Power Platform Custom Connectors feature, enabling unauthorized access to cross-tenant applications and sensitive data of Azure users. Tenable, a cybersecurity research firm, initially discovered the flaw in March 2023. The firm’s CEO, Amit Yoran, publicly chastised Microsoft for its perceived inaction, deeming its response “grossly irresponsible.”