MC213486 "Issue corrected: Incorrect search results returned"


Hi, are there people affected by the MC213486 "Issue corrected: Incorrect search results returned"?

Is this a minor issue or am I paranoid? The affected documents could have exposed their title and excerpt in the search results to users from other organizations! Looks to me like a major issue. Admins need to extract the content information with PowerShell with the list of IDs provided by Microsoft to each organization and see if it could have exposed confidential info. Then if we find out that it is the case, what's the next step?

I'm thinking about all these small businesses using M365 without an admin that takes time to read the message center and take action or someone not having PowerShell skills.

Thanks for your feedback.

Below, Microsoft message:

Issue corrected: Incorrect search results returned (Message 1 of 2)

We identified and subsequently corrected an issue in which under extremely rare circumstances users performing internal search queries may have received search results from another organization. At no time were the files that were displayed accessible to the user who received the incorrect search results. If the user who viewed the erroneous results refreshed the page or performed any other actions, the incorrect data would have been removed and the correct results from their search query would be produced.

We’ve determined that your organization was affected by this issue and users from other organizations were temporarily able to see the results of one or more of your user’s queries. While the files were not accessible to the user, common search data such as the file name, a brief file description and other relevant search data may have been returned.

If the user who viewed the erroneous results refreshed the page or performed any other actions, the incorrect data would be removed and the correct results from their search query would be produced. Due to the transient nature of the issue, a user would have been unable to reproduce the problem.

We’ve identified that your tenant had one or more erroneous search results returned. To view the title and URL paths associated with these search results, use the following instructions:

Tenant administrators are able to follow the below steps to run the below PowerShell commands to identify the exact search query results data which were inadvertently viewed.

3 Replies

@Martin Coupal,

To me this is a big deal. We (digital workplace specialists) have spent years getting the businesses we work for comfortable with using the cloud. Something like this is a much bigger deal than the message center message implies because it could reduce trust in the tools, which do have value.

The challenge I see is an ethical one: the organisations we work for have put trust in the vendor, that trust has been proved to be ill-founded in this case, and potentially damaging to the organisation but to the perception of all Cloud computing tools.

Your other point is a really good one: are most of the customers able to do what was recommended? The simple answer is no. And even if they can run the scripts there is a good deal of understanding required not just at the admin level but at the senior management level to see the implications and act on them. Which as you point out isn't obvious what the next step is.

We've raised it with our Technical Account manager.

@Dorje McKinnon,

Totally agree, this is major.

If you can share the discussion outcome with your technical account manager, I would appreciate it.

This can't go under the radar. I think Microsoft can't just put something in the message center and case closed.

@Martin Coupal Not paranoid, I think it is a major issue. My customer is a Government-funded health sector organisation with strict disclosure covenants. In certain cases even the name of the file can be cause for a breach notification. I've logged a ticket but found the response from MS less than satisfactory - they even pointed me to this discussion as a reference post!