“If Microsoft cared about security, they would never have published their own binaries to customers. At least not after which product manager has decided to change the distribution location of the file, then delete your own blob storage account and make the file publicly available to everyone.”
Ref Ray
一波才平, 一波又起....
微軟才剛緊急修完 On-premise Exchange 的 bug, 沒想到負責雲端地端混合部署的 Exchange Hybrid Configuration Wizard (HCW) 接著出事:
HCW 原本應該從 Azure 下載一個二進位資料檔, 現在變成只下載一個 1KB 的文字檔, 且內容竟然大剌剌寫著:
信號:APT攻擊