Identity-theft vulnerability fixed in Microsoft Office 365, says security firm

Microsoft has plugged a vulnerability in Microsoft Office 365 that would have let attackers grab user identities and steal email and documents, according to Adallom, the security vendor that says it discovered the problem.

"What we found is if you sent a link to a user by email and the user opens the document, the attacker gets access to the user's tokens," says Ami Luttwak, co-founder and CTO at Adallom. The security firm that informed Microsoft about the software-as-a-service (SaaS) vulnerability, which it says took a few months to fix because of its complexity.

+ MORE ON NETWORK WORLD Cloud Security Alliance offers ultra-high cloud security plan +

Luttwak says the Office 365 "tokens" in question are the means for authentication to log into Office 365 and gain access to applications like Word or Excel. "In a general sense, it's an identity theft attack," he says. Before it was fixed, the attacker could access SaaS-based documents through any device and upload and download them at will, he says.

According to Luttwak, the token-stealing problem was basically a wider "problem with the Microsoft ecosphere" that would impact Microsoft Office 365, SharePoint and SkyDrive. Luttwak said this newer type of security problem in the cloud goes beyond Microsoft Office 365 and in fact, Adallom is working with other vendors to identify and fix similar vulnerabilities found in their SaaS applications.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityMicrosoftcloud security allianceendpoint securityanti-malwareWide Area Network

More about ExcelIDGMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

More videos

Blog Posts