![Signed, sealed, exploitable. [Research Saturday]](/img/empty.gif)
Signed, sealed, exploitable. [Research Saturday]
Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains.
While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and mitigate similar threats.
The research can be found here:
ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains
Learn more about your ad choices. Visit megaphone.fm/adchoices
CyberWire Daily
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
- Número de episodios: 3,313
- Último episodio: 2025-07-01
- Noticias Noticias tecnológicas Noticias diarias
¿Donde puedes escuchar?
