Incroyable, mais vrai. Microsoft Corporation (NasdaqGS: MSFT) owned server platform's at Docs.com's search functionality exposes Personal Identifiable Information of hundreds - perhaps, thousands - of users... Does Microsoft Corporation believe that dropping search functionality will relieve the Corporation of risk?
Why weren't prudent safegaurds put in place to protect the Corporation's users (and the Corporation as well)? At the very least, a check for PII to assist in mitigating the exposure (risk-wise) to the Corporation? Do they check for malware or evil embedded macros in these documents? Who forgot to check for PII? Was the Corporation's well-seasoned Legal Department part of the sign off process to this debacle?
"More details on the attacks and proposed countermeasures are available in the research paper titled "Malware Guard Extension: Using SGX to Conceal Cache Attacks." via Catalin Cimpanu at BleepingComputer
Apparently, this product is now embedded in a wide range of devices (ranging from Apple Inc. to Dell Computers and more). I do architect & advise end-point security efforts in my work (agnostic that I am - I do not recommend individual products), but certainly not an embedded product in BIOS or EFI. Could it be rightly called 'The Self-Healing Endpoint of Privacy'? Has a meme been created? You be the judge - Me?, I'm going back to paper and pencil, air-gapped (of course - dammit, air-gaps are no guaranty of secure platforms either...). What to do. Tip o' the Hat.