Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover

  /     /     /  
Publicated : 23/11/2024   Category : security

Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover


The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.


Security researchers discovered more than 670 Microsoft subdomains vulnerable to account takeover, potentially giving attackers the ability to trick users into sharing their usernames and passwords or downloading malicious files.
Subdomain takeover occurs when a subdomain can be controlled by anyone other than system admins, explain Numan Ozdemir and Ozan Agdepe of security alert service Vullnerability, in a blog post. This can happen due to expired hosting services or DNS misconfigurations, and it can allow an adversary to upload files, create databases, track data traffic, or create a clone of a primary website. If a subdomain seems legitimate, users will likely enter their information.
This discovery means attackers could have potentially accessed the subdomains of hundreds of Microsoft services and used them in phishing and malware campaigns. Victims cant tell whether a subdomain has been compromised. As a result, if they visit a hijacked subdomain and are prompted to enter their credentials or download a malicious file, theyll likely do it.
Ozdemir and Agdepe created an automated system to scan all subdomains of some Microsoft domains and found the vulnerable subdomains. These included identityhelp.microsoft.com, mybrowser.microsoft.com, web.visualstudio.com, and dev.social.microsoft.com, among others. The researchers shared their findings with Microsoft, which fixed the affected subdomains.
Read more details
here
.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays featured story:
The Perfect Travel Security Policy for a Globe-Trotting Laptop
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover