HomeWinBuzzer NewsMicrosoft Subdomains Are Vulnerable to Hijack Says Security Researcher

Microsoft Subdomains Are Vulnerable to Hijack Says Security Researcher

A researcher says Microsoft subdomains are often vulnerable to attack, although Microsoft has not responded to many of the warnings.

-

is seemingly facing issues across its vast networks of subdomains. According to security researchers, the company is struggling to manage the thousands of subdomains it uses. Indeed, many of these sites are vulnerability to hijack and can be used for attacking users.

Michel Gaschet, a researcher with NIC.gp disclosed the problem during an interview with ZDNet. He says Microsoft subdomains are frequent. While he has reported the problematic sites to Microsoft, he says the company has either ignored him or fixed sites without response.

However, only around 10% of the Microsoft subdomains have been fixed, Gaschet says. In total, the researcher has disclosed information on numerous subdomain vulnerabilities, including:

  • 21 msn.com subdomains
  • 142 misconfigured microsoft.com subdomains
  • 117 further microsoft.com subdomains

“The root cause/mistake is a forgotten DNS entry pointing to something that doesn't exist anymore, or never existed, like a typo in the DNS entry content,” Gaschet told ZDNet.

A bad actor could exploit these misconfigurations to hijack a subdomain and launch attacks to find user login credentials. This could affect Microsoft employees or users.

Avoiding the Issue

Gaschet believes Microsoft is not focusing on fixing the subdomains because it does not cover such hijacking under its bounty program. In other words, the company dosen't pay people who discover these issues and so researchers are not looking for them.

On Twitter, Gaschet criticized Microsoft's response team in regard to the issue:

“This kind of stuff, this is what you get by putting subdomain takeover out of scope, and don't fix critical subdomain takeover from good peoples, rarely thanks them and generally not respond to them. Great job.”

SourceZDNet
Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Mastodon