Always good to know when your AV vendor, aka Malwarebytes, uses another vendor's security solution such as CrowdStrike to secure their own systems.
So what would you say it is you do here?
Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame. Malwarebytes, whose products include widely used anti-malware tools for consumers and businesses, said that it does …
"He reported the issue to Microsoft but was told that it was documented behaviour and therefore not a vulnerability"
Yes, yes, I have documented that anyone can gain access to AD as a Domain admin by doing this, as I have documented it, it's not a vulnerability so don't need to fix it.
Easy way to get around fixing bugs, document them, then they are features. But, documentation, hmmmm, doing real work, or documentation.......
There might be perfectly reasonable design decisions as to why Microsoft did that. Equally there might not be (Microsoft aren't going to tell us either way, are they?).
If you have documented prominently that "anyone can gain access to AD as a domain admin by doing this. If you want to stop that then do this, this, and this. This has the known side effect of causing this behaviour..."
Isn't that documented well enough (if prominent enough) such that the customer can make a judgement call about it? Everything's a trade-off, isn't it, and I presume that Malwarebytes made that trade-off...
I'd say securing it is close to impossible. With so many serious technical vulnerabilities lurking in that platform and an effective method put in place by M$ legal team to shift M$' blame away from them and put it fully on your shoulders, there is little hope you can make it secure. That task is too huge, you won't have the resources.