Microsoft has closed off a cross-site scripting (XSS) vulnerability in Office 365. The vulnerability, if exploited, could have enabled anyone with a mailbox in an enterprise using Office 365 to obtain administrative permission over the entire company’s Office 365 environment. What does that do to your level of trust in the product?

Office 365 Vulnerability

The problem, identified in October and closed only in late December, has only recently come to light. It was identified by Alan Byrne, co-founder of internet security firm Cogmotive, who noted that it could be exploited using a few lines of simple JavaScript. Byrne demonstrated the exploit in a YouTube video.

In a blog post detailing how the script could be used, Byrne noted that this vulnerability had the potential to cause catastrophic damage in a large enterprise. He wrote:

"This is a perfect example of a very simple exploit which has a huge possibility to cause billions of dollars’ worth of damage. As we move further and further into the cloud, we need to be more and more aware of the potential security risks. There are some large, high-profile companies now using Microsoft Office 365 and I know that they will be very concerned to hear about these types of exploits. No one knows if someone much more malicious discovered this bug before I did and has used it for profit by extracting sensitive information."

Office 365 One Year On

It is ironic that this exploit is coming to light just a week before Microsoft celebrates the first birthday of Office 365.

Office 365 was released last Jan. 29, and Microsoft is already beginning to whoop it up over the product's achievements and the amount of traction it has gained in the enterprise space. Jose Waldo, senior director of Microsoft’s cloud partner strategy, announced in a blog post for the Worldwide Partner Conference 2014 last week that Office 365 has been the fastest growing product in Microsoft’s history, including SharePoint.

He said that one in four of Microsoft's enterprise clients subscribes to Office 365. In addition, in the past 12 months, there has been a 150 percent increase in the number of small-to-medium (SMB) enterprises that have signed up.