The Redmond Cloud

A Bug Left Your Microsoft Account Wide Open For Hijack

Houston, we had a problem! A recently discovered series of vulnerabilities left your Microsoft Account out in the open for complete takeover, with everything from Office to Outlook susceptible to hacking.

A security researcher discovered that he could take over a Microsoft subdomain because it was not properly configured. This allowed the bug hunter to set up an Azure web app matching the CNAME record of that subdomain.

CNAME records are used to map domain aliases and subdomains to another, canonical domain name.

By doing this, the researcher not only took control of that particular subdomain, but he was also able to receive any and all data sent to it.

In other words, whenever a user logged into a Microsoft service, the login token would be sent over to the server controlled by the researcher, giving him a valid session token that could be used for logins, bypassing phishing detection.

Apparently, these critical issues were reported to Redmond in June, and they were fixed just last month, in November.

Microsoft Office, Store and Sway apps could be tricked into sending their authenticated login tokens to this newly controlled domain after a user logged in through the Microsoft Live login system.

That is to say, anyone’s Office account, even enterprise and corporate ones, could theoretically be hacked this way. A malicious hacker would be able to easily access emails, documents and other files, while it would have been nearly impossible to discern a cybercriminal from a legitimate user.

Makes one shiver, just typing it!
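
For defenders, the misconfiguration described above (a subdomain whose CNAME record still names a cloud web app that no longer exists) can be audited for in your own zones. The following is an added example, not code from the researcher or Microsoft; the zone data, the `example.com` names and the list of claimable suffixes are constructed assumptions.

```python
import socket

# Suffixes of Azure-hosted names that a tenant can register on demand.
# Assumption for this example; extend it to match the providers you use.
CLAIMABLE_SUFFIXES = (".azurewebsites.net", ".cloudapp.net", ".trafficmanager.net")

# Constructed sample zone data (example.com is a placeholder domain).
SAMPLE_ZONE = """\
www    3600 IN CNAME example-prod.azurewebsites.net.
promo  3600 IN CNAME example-retired-app.azurewebsites.net.
mail   3600 IN CNAME mail.example.net.
api    3600 IN A     192.0.2.10
"""

def parse_cnames(zone_text, origin):
    """Yield (fqdn, target) for each CNAME line in simple zone-file text."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[-2].upper() == "CNAME":
            name = fields[0].rstrip(".")
            fqdn = name if fields[0].endswith(".") else f"{name}.{origin}"
            yield fqdn.lower(), fields[-1].rstrip(".").lower()

def dns_resolves(hostname):
    """True if the name currently resolves to an address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, origin, resolves=dns_resolves):
    """Return CNAMEs whose claimable cloud target no longer resolves."""
    findings = []
    for fqdn, target in parse_cnames(zone_text, origin):
        claimable = target.endswith(CLAIMABLE_SUFFIXES)
        if claimable and not resolves(target):
            findings.append((fqdn, target))
    return findings

if __name__ == "__main__":
    for fqdn, target in find_dangling(SAMPLE_ZONE, "example.com"):
        print(f"DANGLING: {fqdn} -> {target} (remove record or reclaim target)")
```

A target that still resolves is not proof that your organization owns it, so findings from this check should be paired with an inventory of the cloud resources you actually control.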
