On 12-July-23, Microsoft disclosed that it had detected a sophisticated cyberattack targeting around 25 organizations that use its Exchange Online and Azure Active Directory (AD) services. The attackers exploited a previously unknown vulnerability in the GetAccessTokenForResourceAPI, since fixed, to forge signed access tokens and gain unauthorized access to accounts within the affected organizations. The victims included government agencies in the U.S. and Western Europe, such as the U.S. State and Commerce Departments.

On Friday 21-Jul-23, Wiz security researcher Shir Tamari said that the impact extended to all Azure AD applications operating with Microsoft’s OpenID v2.0. “This includes managed Microsoft applications, such as Outlook, SharePoint, OneDrive, and Teams, as well as customers’ applications that support Microsoft Account authentication, including those who allow the ‘Login with Microsoft’ functionality,” Tamari said.