Risky Business

Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds

Aug 13, 2025
Justin Kohler, Chief Product Officer at SpecterOps and the mastermind behind BloodHound, dives into the world of cybersecurity vulnerabilities and innovations. He discusses the urgent alerts around Microsoft Exchange systems and the risks of integrating legacy and cloud-based applications. Kohler also unveils BloodHound's latest enhancements, including expanded attack path modeling, and the collaborative efforts within the cybersecurity community. Expect insights into the evolution of identity attacks and how new tools aim to secure complex infrastructures more effectively.
INSIGHT

On‑Prem Exchange Can Escalate To Cloud

  • On-prem Exchange integration with Exchange Online can grant excessive cloud privileges through legacy mechanisms.
  • Dirk-jan Mollema's research shows admins can escalate from on‑prem to cloud using those facilitator accounts.
ADVICE

Patch Exchange And Plan For Feature Breaks

  • Apply the Microsoft patches and prepare for temporary feature outages as Microsoft disables features to force fixes.
  • Expect permanent removal of the risky coexistence feature by end of October and plan migrations accordingly.
INSIGHT

Internal Microsoft Apps Exposed By Multi‑Tenant Misconfigurations

  • Researcher Vaisha Bernard found many Microsoft internal apps accepting consumer or cross‑tenant logins due to misconfigured multi‑tenant apps.
  • Microsoft acknowledged the findings but declined a bounty, highlighting broad deployment errors.