

Signed, sealed, exploitable. [Research Saturday]
9 snips Jun 21, 2025
Dustin Childs, Head of Threat Awareness at Trend Micro's Zero Day Initiative, discusses critical vulnerabilities in Microsoft PC Manager related to overly permissive SAS tokens. He reveals how these misconfigurations can jeopardize software distribution and lead to supply chain attacks. Childs also emphasizes the importance of ongoing security maturity in cloud services and outlines best practices for vulnerability disclosure to ensure timely responses. His insights shed light on the evolving landscape of cybersecurity threats and defenses.
AI Snips
Risks of Overly Permissive SAS Tokens
- Overly permissive shared access signature (SAS) tokens can expose cloud resources to supply chain attacks.
- Ease of access can unintentionally introduce significant security risks, especially in trusted software distribution chains.
Default SAS Token Permissiveness
- The permissiveness of SAS tokens in Microsoft services is baked in by default.
- Users have some ability to tighten permissions, but tokens come broadly configured from Microsoft initially.
Supply Chain Threat via Malicious Uploads
- An attacker could exploit permissive tokens to upload malicious zip files signed with legitimate certificates.
- This can infect software supply chains by distributing malware disguised as trusted updates.
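
A defender can check the risk described in the snips above by auditing the SAS URLs found in configs, installers or repositories. This is an added example, not code from the episode or from Microsoft; the account name, container, signature and the 7-day lifetime threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# "sp" permission letters that let a token holder change stored content.
MUTATING = {"a": "add", "c": "create", "w": "write", "d": "delete"}

# Constructed sample URLs (placeholder account, container and signature).
BROAD_URL = ("https://exampleacct.blob.core.windows.net/releases/tool.zip"
             "?sv=2022-11-02&sr=c&sp=racwdl&se=2099-01-01T00:00:00Z&sig=CONSTRUCTED")
TIGHT_URL = ("https://exampleacct.blob.core.windows.net/releases/tool.zip"
             "?sv=2022-11-02&sr=b&sp=r&spr=https&se=2025-06-21T01:00:00Z&sig=CONSTRUCTED")
FIXED_NOW = datetime(2025, 6, 21, tzinfo=timezone.utc)


def audit_sas(url, now=None, max_lifetime=timedelta(days=7)):
    """Return findings for one SAS URL; an empty list means nothing was flagged."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    # A download link only needs read; anything more lets the holder replace files.
    granted = [name for letter, name in MUTATING.items() if letter in q.get("sp", "")]
    if granted:
        findings.append("content can be modified: " + ", ".join(granted))
    # sr=c is a whole container; srt marks an account-level SAS.
    if q.get("sr") == "c" or "srt" in q:
        findings.append("scope is wider than a single blob")
    if "se" in q:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now > max_lifetime:
            findings.append(f"expires in {(expiry - now).days} days")
    elif "si" in q:
        findings.append("expiry set by stored access policy: review " + q["si"])
    else:
        findings.append("no expiry found")
    # When spr is absent the service accepts both HTTPS and HTTP.
    if q.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed")
    return findings


if __name__ == "__main__":
    for label, url in (("broad", BROAD_URL), ("tight", TIGHT_URL)):
        print(label, audit_sas(url, now=FIXED_NOW))
```

The function never prints or returns the `sig` value, so its output can go into a ticket or log without leaking the token.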