They must’ve run out of tokens
Microsoft tech support:
Ackshually… what you’ve identified is not a problem, because my boss has a greater ability to rationalize the existence of problems, than solve them.
Therefore you are an idiot, stop harassing me.
When I owned and managed my own database this never happened.
Accidentally elevating an extension with Backup Contributor to cluster-admin seems like a hell of a security boundary violation to me. Seems like the kind of thing a recently laid-off, possibly disgruntled admin could do a lot of damage with if they had a mind to. Like, company-exploding damage. I would think twice about trusting a vendor that sweeps this kind of thing under the rug.
Friends don’t let friends trust proprietary software.
On another note:
CERT/CC had initially scheduled public disclosure for June 1, 2026, but that disclosure never happened.
Is this a typo or is bleepingcomputer reporting from the near future?
Restore DB from backup and now former admins have full admin access.
Can’t see that ever going wrong…
I hope someone can do this to microslop, then it’ll get fixed in 20 minutes. (and break 6 other things in the process)
the article states that microsoft did fix it but are refusing yo acknowledge it.
Slopware
totally makes sense…
