Microsoft Office 365 users may be able to access Office 365’s web-based login and log in with Twitter via Twitterbot
Posted On June 11, 2021
Microsoft announced a new security update for its Office 365 online login service, which it said was part of a broader roll-out of security updates.
Microsoft’s new update, KB3089274, resolves a bug that could allow a user to bypass the sandboxing features in Twitterbot and log in to the service using a fake email address, which was detected by researchers at the cybersecurity firm CrowdStrike.
Twitter has long been used by hackers to gain access to user accounts, including those of celebrities, politicians, and even governments.
The company announced a fix for the bug earlier this year, but it didn’t affect the vast majority of Twitter users.
Microsoft released an update for the bot on March 11 that addressed the security vulnerability, but the update wasn’t rolled out to all users until Tuesday, a company spokesperson told TechCrunch.
The latest version of Twitterbot can also be used to trick users into signing in to Twitter by logging in to the bot through a compromised account, and a user can sign in to the service with a fake Twitter account or through a proxy service.
Twitter has also said it will work with security researchers to prevent the exploitation of this vulnerability.
This article originally appeared on Wired UK.