Microsoft acknowledges BDO Cyber Security

The Offensive Security Team of BDO Cyber Security GmbH offers various penetrating testing services, whether it is complex IT or OT ecosystems, embedded devices, automotive components or all types of applications.

As part of such a security assessment, we analyzed the setup of a Microsoft solution for enterprises and discovered a yet unpublished vulnerability. On 9th August 2024 we opened a case via Microsoft Security Response Center (MSRC) portal and submitted a detailed description as well as proof for the successful exploitation of the vulnerability. After investigating the issue Microsoft confirmed the vulnerability on 11th September and acknowledged BDO Cyber Security GmbH in their Acknowledgement Portal on 30th September.
On 1st October 2024 Microsoft finally informed us that the fix for the product is targeted towards March 2025. As we believe that responsible disclosure of vulnerabilities is crucial, we decided to not release any more information about the vulnerability until the patch has been published. Once the patch is available, we will provide further information as part of a security advisory.

Are your systems secure? We’re here to help you protecting your IT environment by assessing your security before others do. Contact us now.