Microsoft Subdomains Have A Massive Security Loophole, Leading To Cyber Attacks!

Microsoft subdomains are being sued for broadcasting spammy content, attacks and various other cyber attacks as pointed out by a researcher. What's more concerning that despite notifying the company multipole times, vulnerability is fixed only in 5% - 10% subdomains .

Must Read

Looking For A Job At Amazon? Jeff Bezos Is Willing To Hire Everyone If……

The global pandemic Covid-19 has thrown the whole world into complete chaos. Amid this perilous situation, one...

CII Suggests India Implement Its Own Version Of “Helicopter Drop” Amid The Covid-19 Outbreak

After Canada, Singapore, Australia and the US, it's time for India to work on a financial plan...

Facebook To Invest In Reliance Jio To Redefine The Market Equations in India?

Since the launch of Reliance Jio in the year 2016, Reliance Industries, owned by Mukesh Ambani, the...

A security researcher has pointed out the fact that Microsoft’s thousands of subdomains are prone to many vulnerabilities which can be taken advantage of. These subdomains can be hijacked and used for attacks against their own employees, users or for showing them spammy content according to him.

Michel Gaschet, the security researchers, is also a developer for NIC.gp brought this issue to light. Whilst in an interview with ZDNet, he mentioned that he has been reporting these subdomains to Microsoft for the past three years. However, either most of his reporting has been repeatedly been ignored or Microsoft has been fixing some of them silently. He believes that these subdomains have misconfigured DNS records.

Advertisements

Gaschet also privately shared a list of 117 microsoft.com subdomains, he reported to Microsoft last year, with ZDNet. The security researcher said he reported 21 msn.com subdomains that were vulnerable to hijacks to Microsoft in 2017 and then another 142 misconfigured microsoft.com subdomains in 2019.

Source: ZDnet

However, only 5-10% of all the subdomains he collectively reported were addressed and fixed by Microsoft whereas the others still remain misconfigured. It was noticed by him that subdomains such as cloud.microsoft.com and account.dpedge.microsft are more prioritised over the others as they are big. Hence, the other subdomains remain exposed to hijacking vulnerabilities.

These subdomains which are vulnerable to potential hijacks are because of basic misconfigurations in their respective DNS entries. A 2014 blog post from Detecify in 2014 explained the same in-depth.

“The root cause/mistake is a forgotten DNS entry pointing to something that doesn’t exist anymore, or never existed, like a typo in the DNS entry content,” Gaschet told ZDNet.

These misconfigured subdomains stayed the same because Microsoft never had to deal with any problems even though they were very much a sweet spot for attacking. In a hypothetical situation, an overly malicious attacker could have possibly taken over one of these subdomains whilst prompting Microsoft users to log in through a phishing page and collect their login credentials. Luckily enough Microsoft, no such malicious and dangerous attacker or group noticed this loophole but on the other hand, there are some who figured it out.

Advertisements
Source: ZDNet

It was reportedly pointed out on Twitter by Gaschet that one spam group figured out that they could hijack Microsoft’s subdomains and therefore, boost their spammy content by hosting it on a reputable domain.

Several ads for Indonesian poker casinos on at least four legitimate Microsoft subdomains were spotted which included portal.ds.microsoft.com, perfect10.microsoft.com, ies.global.microsoft.com, and blog-ambassadors.microsoft.com. Gaschet says these spammy advertisements are still very much active.

Microsoft has been reached out to for a comment regarding the same but we are still to be heard back from.

Microsoft’s Take On These Security Loopholes

One of the possible reasons as guessed by Gaschet that Microsoft is still not prioritizing these subdomain fixes could be because of the fact that the company’s bug bounty program doesn’t yet include these ‘subdomain’ takeovers’.

Therefore, the reporting of such issues get lined up way down in their priority list despite these issues being very severe. Microsoft, the multinational tech behemoth has been asked to revamp how it manages its DNS records, wherein lies the source of most of these misconfigurations by Gaschet.

It’s high time that Microsoft takes notice of this problem as it is easier to get rid of it while alarms are still going off and not after the situation has worsened.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Facebook Users Who Dumped It Earlier Are Returning Back To The Platform!

Facebook Inc. (NASDAQ:FB) is gaining ground and it's no less than a surprise to know who is...

Zoom iOS App Caught Sharing User Data With Facebook! Are You Using It?

With the growing number of people worldwide now trying to adapt to the ‘work-from-home’ situation amid the Covid-19 outbreak, Zoom which is...

A New WhatsApp Scam Is So Lucrative That You May Find Difficult To Resist

As the usage of social media and mobile messaging apps has surged tremendously worldwide due to the social distancing and lockdowns to...

Switch Off Your Amazon Alexa If You Are Working From Home!

Weeks after the widespread of the coronavirus, countries continue to go into lockdown mode for more weeks to come. People are advised...

Facebook Portal TV: Once Mocked Widely, Now Sold Out Completely!

Two years go, Facebook Inc. (NASDAQ:FB) released the first device in their Portal video calling series. This move brought them a lot...

Facebook To Invest In Reliance Jio To Redefine The Market Equations in India?

Since the launch of Reliance Jio in the year 2016, Reliance Industries, owned by Mukesh Ambani, the richest man in India, has...

In-Depth: Dprime

YouTube Should Have Bid Adieu To Dislike Button Much Earlier?

Online video sharing platform YouTube can be a ruthless place for content creators targeted by 'dislike mobs'. And the site owners totally understand that...

Facebook Has Pulled Off A Masterstroke By Integrating Its ‘Family Of Apps’?

It’s indeed hard to believe that ONE man sitting at Menlo Park, oversees how nearly a third of the world’s population interacts with each...

Facebook’s Crunch Conquest: By Relying Largely On The US Market, Is Facebook Running a Risk?

Two billion! That's Facebook, Inc. (NASDAQ: FB) for you - Right when you thought that this social-media giant has already connected the entire world, it's...

More Articles Like This