
Microsoft has a subdomain hijacking problem


A security researcher has pointed out today that Microsoft has a problem managing its thousands of subdomains, many of which can be hijacked and used for attacks against its users or employees, or simply to host spammy content.

The issue has been brought up today by Michel Gaschet, a security researcher and a developer for NIC.gp.
In an interview with ZDNet, Gaschet said that during the past three years he has been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either ignored the reports or silently secured some of the subdomains, but not all.
RESEARCHER: ONLY 5%-10% GOT FIXED
Gaschet says he reported 21 msn.com subdomains that were vulnerable to hijacks to Microsoft in 2017, and then another 142 misconfigured microsoft.com subdomains in 2019.
BLAME DNS MISCONFIGURATIONS
Gaschet told ZDNet the OS maker usually fixes big subdomains, like cloud.microsoft.com and account.dpedge.microsoft.com, but leaves the other subdomains exposed to hijacks.
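The misconfiguration behind most subdomain hijacks of this kind is a dangling DNS record: a CNAME that still points at a hostname (typically on a cloud or SaaS provider) that no longer exists, so anyone who registers that target on the provider gets to serve content under the parent company's subdomain. The article does not say which records Gaschet found, so the checker below is an added example, not code from the researcher, ZDNet or Microsoft. It follows CNAME chains over a constructed in-memory zone (the `example.test` names are made up) and flags any chain that ends in NXDOMAIN or in a loop; to run it against a domain you own, replace `zone_resolver` with a real lookup (for instance via dnspython) that returns `None` on NXDOMAIN.

```python
"""Dangling-CNAME checker for subdomain-takeover triage (added example).

A subdomain is a takeover candidate when its CNAME chain ends in a name
that does not exist: the parent still vouches for the subdomain, but the
target is free for anyone to claim at the hosting provider.
"""
from typing import Callable, Dict, List, Optional, Tuple

# A DNS answer is modelled as (rrtype, rdata); None models NXDOMAIN.
Record = Optional[Tuple[str, str]]
Resolver = Callable[[str], Record]

# Constructed sample zone; these hostnames are fictitious.
ZONE: Dict[str, Record] = {
    "www.example.test": ("A", "203.0.113.10"),
    "blog.example.test": ("CNAME", "blog-host.example-saas.test"),
    "blog-host.example-saas.test": ("A", "203.0.113.20"),
    "old-portal.example.test": ("CNAME", "retired-app.cloudapp.example.test"),
    # retired-app.cloudapp.example.test is deliberately absent: the app was
    # decommissioned but the CNAME pointing at it was never removed.
}


def zone_resolver(name: str) -> Record:
    """Offline stand-in for a real resolver; normalises the queried name."""
    return ZONE.get(name.rstrip(".").lower())


def follow_cname(name: str, resolve: Resolver,
                 max_hops: int = 8) -> Tuple[List[str], str]:
    """Follow CNAMEs from `name`.

    Returns the chain of names visited and a status: "ok" when the chain
    ends in a real record, "nxdomain" when the final target does not
    exist, "loop" on a CNAME cycle, "too-long" if max_hops is exceeded.
    """
    chain = [name]
    rec = resolve(name)
    while rec is not None and rec[0] == "CNAME":
        target = rec[1].rstrip(".").lower()
        if target in chain:
            return chain, "loop"
        if len(chain) > max_hops:
            return chain, "too-long"
        chain.append(target)
        rec = resolve(target)
    return chain, ("ok" if rec is not None else "nxdomain")


def find_dangling(names: List[str],
                  resolve: Resolver) -> List[Tuple[str, str, str]]:
    """Return (subdomain, final_target, status) for every broken CNAME chain.

    Names with no record at all are skipped: they are merely absent, not
    delegated to a target someone else could register.
    """
    findings = []
    for name in names:
        chain, status = follow_cname(name, resolve)
        if len(chain) > 1 and status != "ok":
            findings.append((name, chain[-1], status))
    return findings


if __name__ == "__main__":
    for sub, target, status in find_dangling(sorted(ZONE), zone_resolver):
        print(f"{sub} -> {target}: {status} (takeover candidate)")
```

An NXDOMAIN target is the unambiguous case. The other common one, a CNAME to a provider hostname that does resolve but is unclaimed (the provider answers with its own "no such site" page), needs an HTTP fingerprint check on top of this, and dangling A records pointing at released cloud IPs or NS records delegating to dead nameservers need their own checks; this example covers only the CNAME case.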


But until now, these misconfigurations have never caused Microsoft any problems or headaches, despite being an attractive attack surface.
Luckily, no dangerous threat groups have noticed this problem.

Sadly, others have.
Today, Gaschet pointed out on Twitter that at least one spam group has figured out it could hijack Microsoft's subdomains and boost its spammy content by hosting it on a reputable domain.


Gaschet says he spotted ads for Indonesian poker casinos on at least four legitimate Microsoft subdomains. These include portal.ds.microsoft.com, perfect10.microsoft.com, ies.global.microsoft.com, and blog-ambassadors.microsoft.com.

The spammy ads are still live at the time of writing.

Source: https://www.zdnet.com/article/microsoft-has-a-subdomain-hijacking-problem/

