For most businesses, more and more services and utilities have moved to the cloud over the years, and service providers like Microsoft have taken advantage of the growing shift away from on-premises servers toward the convenience and standardization that comes with having systems maintained by a third-party provider.
Microsoft has a dominant position in the office productivity space, with existing tools such as Word, Excel, PowerPoint and more. Adding AI functionality through Copilot has only furthered their position as companies utilize it to streamline their day-to-day work activities (especially in meetings: Copilot’s ability to capture and translate the salient points of any meeting is unmatched in our opinion).
However, a recent token exploit threatened to potentially provide access to any tenant worldwide. Here’s how it was discovered and how it works.
The threat was first discovered at a security conference in Las Vegas called “Black Hat” by a security researcher named Dirk-jan Mollema. While preparing his presentation for the event, he stumbled across two vulnerabilities that allowed him Global Administrator privileges into his own Microsoft tenants. He then went on to make new test accounts and found the same to be true for those as well.
Global Administrator is essentially God mode: you have unfettered access to make changes within a customer’s Microsoft system, including seeing user information (including passwords), accessing all SharePoint files, deleting other administrators and more.
Mollema disclosed his findings on July 14th, and by July 17th a global fix was released by Microsoft. The bug, as we mentioned, was a type of token theft, which is essentially when a “session” is hijacked, making the system believe the user is already logged in when they’re not. This bypasses traditional methods of protection like MFA or even needing a password.
This event highlights just how critical it is to have a team in place ready to remediate existing threats and proactively monitor for new threats and vulnerabilities. Had this exploit been discovered by someone of ill intent instead of a researcher, companies with protections in place would have fared much better than those without.
Here are some cybersecurity statistics all businesses should be aware of:
- Multi-Factor Authentication (MFA): Risk Reduction vs. No Protection
  - MFA dramatically reduces account compromise: in a study of Azure AD accounts, MFA was found to reduce the risk of compromise by 99.22% compared to accounts without MFA.
  - In the same study, over 99.99% of accounts with MFA remained secure during the investigation period, even in contexts of credential leaks.
  Summary: Accounts without MFA are vastly more vulnerable to being breached, especially when credentials are exposed or reused.
- Cost Impact: Organizations with Automated Detection vs. Those Without
  - According to IBM’s 2025 Cost of a Data Breach report, organizations using AI and automation in security detected and contained breaches faster and realized savings of ~USD 1.9 million on average compared to organizations not using those capabilities.
  - Without those advanced controls, breach lifecycles tend to be longer, driving up response, remediation, reputation and regulatory costs. (This is implied in the same IBM report’s comparisons between organizations with and without use of automation/AI in security.)
  Summary: Having stronger, automated detection/response controls materially lowers the financial impact of breaches vs. more manual, reactive postures.
- Breaching via Weak or No Controls / Credential Exploits
  - The 2025 Verizon Data Breach Investigations Report indicates that ~88% of breaches in a given attack pattern involved use of stolen credentials.
  - Without protections like strong authentication, credential monitoring, anomaly detection, or least-privilege access, systems are much more vulnerable to these common types of attacks. (Though I did not find a clean “with vs. without” statistic on credential attacks directly, this 88% figure underscores how critical it is to defend credentials.)
In 2025, every business no matter how big or small needs to have a strong security posture to avoid disaster. At Valley Techlogic, we include best-in-class cybersecurity protections in every plan we offer – learn more today through a consultation.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.