Critical Microsoft 365 Flaw on Android Compromises User Accounts

A critical vulnerability in Microsoft 365’s Android applications—stemming from a security setting disabled by default—has allowed attackers to hijack user accounts. According to an investigation by Dark Reading, the flaw impacted major tools like Word, PowerPoint, and Excel, exposing credentials and sensitive data.
A Widespread and Risky Default Configuration
The issue stems from a security feature designed to protect authentication across multiple devices, particularly on Android. Although this setting is normally enabled, it was disabled by default in Microsoft 365’s mobile apps, making account takeover attacks significantly easier. Researchers warn that, because the weak default applied without any action on the user’s side, it affected a broad user base.
Immediate Risks for Businesses
Though Microsoft has not yet addressed the flaw with a patch, enterprises using these apps on Android devices are urged to audit their configurations. An attacker exploiting this vulnerability could access confidential files, send fraudulent emails, or spread malware through compromised accounts. Heightened vigilance is strongly recommended until an official fix is released.
Source: Dark Reading. Editorial synthesis assisted by AI — TechnoExpress.