Microsoft tech support:
Ackshually… what you’ve identified is not a problem, because my boss has a greater ability to rationalize the existence of problems, than solve them.
Therefore you are an idiot, stop harassing me.
When I owned and managed my own database this never happened.
They must must’ve run out of tokens
Accidentally elevating an extension with Backup Contributor to cluster-admin seems like a hell of a security boundary violation to me. Seems like the kind of thing a recently laid-off, possibly disgruntled admin could do a lot of damage with if they had a mind to. Like, company-exploding damage. I would think twice about trusting a vendor that sweeps this kind of thing under the rug.
Friends don’t let friends trust proprietary software.
On another note:
CERT/CC had initially scheduled public disclosure for June 1, 2026, but that disclosure never happened.
Is this a typo or is bleepingcomputer reporting from the near future?
totally makes sense…
Slopware
Restore DB from backup and now former admins have full admin access.
Can’t see that ever going wrong…
I hope someone can do this to microslop, then it’ll get fixed in 20 minutes. (and break 6 other things in the process)
the article states that microsoft did fix it but are refusing yo acknowledge it.
