Two critical zero-day vulnerabilities in Microsoft Office 365 allow authentication of malicious users

A researcher known as Paranoid Ninja among the cybersecurity community reported the finding of two critical vulnerabilities in the Microsoft Office 365 suite. According to the report, successful exploitation of these vulnerabilities allows threat actors to completely bypass the authentication process on the target system.

Initially, the expert sent a single report to the Microsoft Security Response Center (MSRC), although shortly the next confirmed the identification of another dangerous security flaw. According to the specialist, the exploitation of the second vulnerability is directly related to the first and is even more dangerous.

Paranoid Ninja ensures that cybercriminal groups often use these vulnerabilities to organize malicious campaigns aimed at users of this suite. In this regard, Microsoft will soon begin notifying users of its Office 365 service of hacking operations allegedly deployed by threat actors sponsored by foreign governments. The corresponding notifications will be added to the user’s security portal, which will be the first step in the fight against the most sophisticated cybercriminal groups.

To learn more about information security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.