A critical vulnerability in Microsoft’s Power Platform, which exposed authentication data and sensitive information, has raised concerns over the tech giant’s response. Researchers from Tenable discovered the flaw, caused by insufficient access control to Azure Function hosts in the Power Platform, allowing attackers to interact with underlying code without authentication. Exploiting this could have granted unauthorized access to cross-tenant applications and sensitive data. Tenable reported the vulnerability to Microsoft in March, but it took several months for a partial fix to be implemented, prompting criticism from industry experts, including Tenable’s CEO Amit Yoran. Microsoft later extended the fix to previously affected hosts after public pressure.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.