Sure. But the list of projects is for 1 Azure Devops organization and the list appear to be in alphabetical order and showing B to C. Also it looks a bit like the logged on user only has access to one of the projects (at least it's only showing icons for one of them).
Once a threat actor has access to internal, less hardened systems, it is a matter of time until they have access to everything. In this case it’s a matter of privilege escalation at best and RCE at worst, no lateral movement required unless it’s easier to escalate directly in the IdP system or as a MitM between the IdP and the service in the screenshot.
My point was that so far every little information has been shared.
I have no idea what your point is. Also not sure if what you mean by "internal system" here. I can also log on to Azure Devops service (it public), but that doesn't mean I can access windows source code.
This happens on an almost yearly basis. Source code for ~all major windows releases is actively traded. (Same also goes for Apple, Cisco, etc...) Protecting source code that a huge amount of employees need access to is hard.
Keeping an OS private is virtually impossible, for the most part every engineer has access to every piece, so any intrusion is also likely access to current OS source.
Rumors out of Google were a bit different about their search algorithm which may be comparable to a leak of bing code.
If I base on the list, it seems that it was their California branch that was breached. No meaningful Azure or Windows source code was listed (which is hosted in Redmond) and a lot of Bing and Cortana ones (which are primarily developed in California).
Although source code leakage is bad, it should be noted that most governments already has copies of the Windows and Office source code access through legitimate means (Source Sharing agreements).
16 comments
[ 2.3 ms ] story [ 41.0 ms ] threadhttps://www.cyberkendra.com/2022/03/microsoft-allegedly-brea...
I have no idea what your point is. Also not sure if what you mean by "internal system" here. I can also log on to Azure Devops service (it public), but that doesn't mean I can access windows source code.
Only way you could stretch this into an article beyond a headline is by bundling a bunch of unnecessary bullshit.
Perhaps there'll be a comment from Microsoft, they won't say anything useful beyond "No customer information was accessed"
Previous public example: https://www.bbc.co.uk/news/technology-40366823
Many exploit devs have access to this stuff, but would obviously never publicly discuss it, fearing leaks and liability.
Rumors out of Google were a bit different about their search algorithm which may be comparable to a leak of bing code.
Although source code leakage is bad, it should be noted that most governments already has copies of the Windows and Office source code access through legitimate means (Source Sharing agreements).