Hi All, I returned with another blog about a vulnerability I found in Microsoft’s business application. This time we will try to read some messages/posts from Microsoft’s private Yammer group. To summarize, what Microsoft employees were discussing in these Yammer groups: Covid19+ Vaccine, discussion about customers, competitors & business strategies. …

Hi Everyone, This is my continued responsible disclosure blog on Microsoft products. If you didn’t read my previous blog, you can get it from here. Today, I will share how I discover IDOR vulnerability in Microsoft Partner application which exposes all Microsoft Azure Independent Software Vendors. Introduction What is Insecure…

Part 0x01 | Improper Authorization could allow access to more than 100,000 Microsoft Dynamics 365 for Partner Users — Introduction As a part of Microsoft coordinated vulnerability disclosures, I would like to share a critical vulnerability within the dynamics portal which could allow an attacker to access personally identifiable information (first name, last name, email address, MPN ID etc.) of users of the Microsoft Dynamics for 365 Partner website.