A dependency confusion vulnerability against Microsoft’s Azure Portal (portal.azure.com), alleging that the Microsoft Security Response Center (MSRC) dismissed confirmed remote code execution (RCE) evidence as “automated security tooling”. While auditing bundled client-side JavaScript assets on portal.azure.com, Fayad identified a require statement referencing the internal NPM package @FxInternal/NetDiagnostics. A search of the public NPM registry confirmed that neither the @fxinternal organization namespace […]
The post Researcher Claims Microsoft MSRC Dismissed Dependency Confusion Flaw appeared first on Cyber Security News.