
Microsoft has a subdomain hijacking problem

February 19, 2020

A security researcher has pointed out today that Microsoft has a problem in managing its thousands of subdomains, many of which can be hijacked and used for attacks against users, its employees, or for showing spammy content.

The issue has been brought up today by Michel Gaschet, a security researcher and a developer for NIC.gp.

In an interview with ZDNet, Gaschet said that during the past three years, he’s been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either been ignoring reports or silently securing some subdomains, but not all.

Researcher: Only 5%-10% got fixed

Gaschet says he reported 21 msn.com subdomains that were vulnerable to hijacks to Microsoft in 2017 [1, 2], and then another 142 misconfigured microsoft.com subdomains in 2019 [1, 2].

Further, the researcher also privately shared with ZDNet another list of 117 microsoft.com subdomains that he also reported to Microsoft last year.

Of all the reported misconfigured subdomains, Gaschet told ZDNet that Microsoft only addressed a few. The researcher puts the number at somewhere between 5% and 10% of all the subdomains he reported.

Blame DNS misconfigurations

Gaschet told ZDNet the OS maker usually fixes big subdomains, like cloud.microsoft.com and account.dpedge.microsoft.com, but leaves the other subdomains exposed to hijacks.

The researcher said that most of the Microsoft subdomains are vulnerable because of basic misconfigurations in their respective DNS entries. He says this 2014 blog post from Detectify explains the problem in depth.

“The root cause/mistake is a forgotten DNS entry pointing to something that doesn’t exist anymore, or never existed, like a typo in the DNS entry content,” Gaschet told ZDNet.
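
The root cause Gaschet describes (a DNS entry left pointing at a target that no longer exists, or never existed because of a typo) can be audited from the zone owner's side. The Python below is an added example, not code from the article, the researcher or Microsoft; the zone lines, host names and the `LIVE_EXTERNAL` stand-in for live DNS lookups are all constructed for illustration.

```python
# Constructed sample zone export (not real records): "name type value"
ZONE = """\
www.example.com.      A     192.0.2.10
shop.example.com.     CNAME www.example.com.
promo.example.com.    CNAME promo-2017.hosting.example.net.
blog.example.com.     CNAME exmaple-blog.hosting.example.net.
docs.example.com.     CNAME docs-live.hosting.example.net.
loop.example.com.     CNAME loop.example.com.
"""

# Constructed stand-in for live DNS: external names that still resolve.
LIVE_EXTERNAL = {"docs-live.hosting.example.net.": "198.51.100.7"}


def parse_zone(text):
    """Return {name: (rtype, value)} from whitespace-separated record lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            name, rtype, value = parts
            records[name.lower()] = (rtype.upper(), value.lower())
    return records


def find_dangling(records, resolve_external):
    """List (name, final_target, reason) for CNAMEs that lead nowhere."""
    findings = []
    for name, (rtype, value) in sorted(records.items()):
        if rtype != "CNAME":
            continue
        seen, target = {name}, value
        # Follow CNAME chains that stay inside the zone export we were given.
        while target in records and records[target][0] == "CNAME":
            if target in seen:
                break
            seen.add(target)
            target = records[target][1]
        if target in seen:
            findings.append((name, target, "cname-loop"))
        elif target not in records and resolve_external(target) is None:
            findings.append((name, target, "target-does-not-resolve"))
    return findings


if __name__ == "__main__":
    for finding in find_dangling(parse_zone(ZONE), LIVE_EXTERNAL.get):
        print(*finding)
```

Against a real zone, `LIVE_EXTERNAL.get` would be replaced by a resolver lookup that returns `None` when the target name does not exist; each finding is a record to delete or repoint.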

Subdomain hijacks lead to spam on microsoft.com

But until now, these misconfigurations have never caused Microsoft any problems or headaches, despite being an attractive attack surface.

In a hypothetical scenario, an attacker could hijack one of these subdomains and host phishing pages to harvest login credentials for Microsoft employees, business partners or even its end-users.

Such a scenario has been seen before.

Luckily, no dangerous threat groups have noticed this problem.

Sadly, others have.

Today, Gaschet pointed out on Twitter that at least one spam group has figured out they could hijack Microsoft’s subdomains and boost their spammy content by hosting it on a reputable domain.

Gaschet says he spotted ads for Indonesian poker casinos on at least four legitimate Microsoft subdomains. These include portal.ds.microsoft.com, perfect10.microsoft.com, ies.global.microsoft.com, and blog-ambassadors.microsoft.com.

The spammy ads are still live at the time of writing.

ZDNet has reached out for comment to Microsoft and asked the company to comment on a series of issues raised by Gaschet in a Twitter thread today. We have not heard back before this article’s publication time.

https://t.co/XAJfbsE4ht

This kind of stuff, this is what you get by putting subdomain takeover out of scope, and don’t fix critical subdomain takeover from good peoples, rarely thanks them and generally not respond to them. Great job, @msftsecresponse 👏

— Michel Gaschet (@Michel_Gaschet) February 18, 2020

On Twitter, Gaschet guessed that one reason Microsoft is not prioritizing these fixes is that “subdomain takeovers” are not part of the company’s bug bounty program, which means reports do not get prioritized despite the severity of the issues being reported.

Gaschet, who is a developer for NIC.gp, the official registrar for the Guadeloupe .gp top-level domain, urged Microsoft to revamp how it manages its DNS records, which he said are the source of most of these misconfigurations.


Credit: ZDNet
