"is a bug and is not malicious" πŸ˜‚πŸ˜‚
Reply from Microsoft

"Unfortunately, our service does not log the necessary information to link these logs to our logs.
Without that, it's difficult to determine where the error is coming from.
What is the order of magnitude of the errors? How many are seen per day?
We can attempt to work backwards from that.
However, just want to emphasize again that this is a bug and not malicious."

@infochul The security mantra I was taught: Once is a fluke. Twice is coincidence. Three times is an attack and needs to be addressed.
@hackerfactor yes indeed.
However, it seems that those in control (not in control) don't see it the same way.
BTW, the behaviour observed is on BING, which "mysteriously" redirects non-interactive signings to a China network.
So IMO definitely something to be addressed.
@infochul If they said it's not a problem, then make it big and make it loud. Maybe they will reconsider.
@infochul If you have a step-by-step how to reproduce and/or how to observe it happening: Write it up clearly, along with the security implications and consider sharing it with Brian Krebs and/or Catalin Cimpanu / Risky Business.

@hackerfactor Well, that's the issue: I can't recreate the problem; it's been observed in the logs and the XDR.

To the point that we have observed that the non-interactive attempts were impersonating endpoints and users that do not have BING or Edge technology installed.

The issue from a security perspective is that a token is being used from a Microsoft IP in China, and thanks to conditional access the non-interactive session is denied. That is why I do not consider this a "bug", because basically this can lead to lateral movement or a privilege escalation.

From a privacy perspective, the one exploiting this could gain access to the user data and lead to a possible PII leak, and under GDPR that could lead to fines.

But at that point that might be the least of the problems.

Last year, I remember that there was a similar vulnerability on Graph, but that was mitigated by Microsoft; I believe this is also related.