Microsoft admits some Azure, Exchange, Intune source code snaffled in SolarWinds schemozzle

Microsoft has admitted that, as a result of installing backdoored SolarWinds tools in some parts of its corporate network, portions of its source code were obtained and exfiltrated by parties unknown.


In a final public update on Thursday detailing its internal investigation into “Solarigate,” Redmond’s security team said it detected the “viewing of a file in a source repository” in late November, and attempts to do so again “into early January 2021, when the attempts stopped.”

“There was no case where all repositories related to any single product or service was accessed,” the update advises, adding: “There was no access to the vast majority of source code. For nearly all of code repositories accessed, only a few individual files were viewed as a result of a repository search.”


But some source code was accessed and downloaded. “For a small number of repositories, there was additional access, including in some cases, downloading component source code,” the update states.

Microsoft has described those repositories as follows:


  • A small subset of Azure components (subsets of service, security, identity)

  • A small subset of Intune components

  • A small subset of Exchange components


Microsoft’s security team suggests there’s no reason to worry about these leaks, because the attackers went looking for secrets in code. Microsoft forbids storing secrets in code and runs automated checks to enforce the policy.


    The Windows ..