Comments

You must log in or register to comment.

SaxyOmega90125 t1_jec71r7 wrote

A major security flaw and/or general instability in Microsoft products? I'm shocked.

97

d_pyro t1_jec9cjt wrote

And they only paid $40K to report it.

36

VoidMageZero t1_jecvy9n wrote

That’s the real crime. Big companies with billions of dollars are lowballing the good guys trying to help them.

34

Edwerd_ t1_jeeapbh wrote

Doesn't google only give like 30k bounties for exploits regarding remote Google account access?

3

host65 t1_jedtfal wrote

This info is worth a lot more than 3dev months

7

Rudy69 t1_jef7lhg wrote

'Awards' like these are exactly why people sell their exploits to the black market. You could literally modify search results.... I know Bing has a small marketshare but that's wild

5

Beatless7 t1_jecnpq5 wrote

Fooled almost 20 people.

27

Rosellis t1_jed76qn wrote

It wasn’t really a security flaw but a misconfiguration. Glad nobody seems to have exploited it before it was patched.

7

SydneyRei t1_jee2kas wrote

Fortunately, no one has ever used Bing to google something so no data was actually lost.

6

Hudell t1_jeeu8fj wrote

Some time ago I used Bing for a few days by accident and I was literally getting mad at how bad my search results were. Google itself has been getting worse and worse over time so I thought that was just the next level down until I realized I was on Bing.

5

lywyre t1_jeeyzrf wrote

Some time ago I used Bing for a few days by accident and I was literally getting mad at how bad my google results were. Google itself has been getting worse and worse over time so I thought that was just the next level down until I realized I was on Bing.

1

Hudell t1_jef36vu wrote

I wouldn't mind keeping Bing if I could actually find things with it. In that specific case when I repeated the search on google the first result was the same for both (and comically unrelated), but google had something that matched my query further down the page, while Bing only had variations of the first result.

5

autotldr t1_jebwj4r wrote

This is the best tl;dr I could make, original reduced by 77%. (I'm a bot)

> A dangerous vulnerability was detected in Microsoft's Bing search engine earlier this year that allowed users to alter search results and access other Bing users' private information from the likes of Teams, Outlook, and Office 365.

> "A potential attacker could have influenced Bing search results and compromised Microsoft 365 emails and data of millions of people," Ami Luttwak, Wiz's chief technology officer, said to The Wall Street Journal.

> Bing has been enjoying a surge in popularity of late, surpassing a milestone of 100 million daily active users earlier this month following the launch of its AI-powered Bing Chat feature on February 7th. Had the issue not been patched a few days prior, Bing's explosive growth could have pushed the dangerous, highly accessible security exploit more widely to millions of users - according to Similarweb, Bing is the 30th most visited website in the world.

Extended Summary | FAQ | Feedback | Top keywords: Bing^#1 Microsoft^#2 Wiz^#3 Azure^#4 vulnerability^#5

5

Winterspawn1 t1_jee76gy wrote

Imagine using bing or outlook

−5

sigmatrophic t1_jecpjrt wrote

MS invests and integrate GTP... GTP shares exploits... It's looking to breakfree

−17

[deleted] t1_jedwvoj wrote

[deleted]

9

QueenVanraen t1_jee1n7m wrote

They also clearly haven't read the article at all, nor the autotldr bot's summary.
the gpt integration had nothing to do w/ the vulnerability, but I guess hating on AI is trendy these days :D

7

sigmatrophic t1_jeel5ey wrote

Its a joke... just because despite having all the money... they still can't ship a good product... and riffing on prior news where GPT was telling users it want's to escape.

−4