A research agency discovered that more than 600 legitimate Microsoft subdomains could be hijacked and exploited for phishing, malware delivery, and scams.
The researchers found cases where Microsoft's DNS records for a subdomain point to a website that no longer exists.
In such a case, anyone can set up the non-existent domain themselves and hijack the subdomain through the misconfigured DNS records.
The researchers built an automated system and scanned all the subdomains of several important Microsoft domains.
The scan found more than 670 subdomains that could be hijacked using this technique.
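From the zone owner's side, the same condition can be checked in your own records. The following is an added example, not the researchers' scanner or code from the original article: it walks an exported list of alias records and flags any whose chain ends at a name that no longer resolves. It assumes the stale records are CNAMEs; the zone data, host names and the `find_dangling` helper are constructed for illustration.

```python
import socket

# Constructed sample export of CNAME records from a zone you administer.
# Every name here is hypothetical.
ZONE_CNAMES = [
    ("www.example.test", "web.example.test"),
    ("promo.example.test", "promo-2019.hosting-provider.test"),
    ("docs.example.test", "docs-alias.example.test"),
    ("docs-alias.example.test", "old-docs.hosting-provider.test"),
    ("shop.example.test", "storefront.hosting-provider.test"),
]
# Constructed stand-in for DNS: the only targets that still resolve.
LIVE_NAMES = {"web.example.test", "storefront.hosting-provider.test"}

def norm(name):
    return name.lower().rstrip(".")

def offline_resolves(name):
    return norm(name) in LIVE_NAMES

def system_resolves(name):
    """Live check through the system resolver, for your own zone's targets."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(cnames, resolves=offline_resolves, max_hops=8):
    """Return (record, chain) for each CNAME whose chain ends at a dead name."""
    table = {norm(n): norm(t) for n, t in cnames}
    findings = []
    for name in sorted(table):
        chain = [name]
        # Follow aliases defined inside the zone until we leave it.
        while chain[-1] in table and len(chain) <= max_hops:
            nxt = table[chain[-1]]
            chain.append(nxt)
            if nxt in chain[:-1]:  # CNAME loop: can never resolve
                break
        final = chain[-1]
        # Dangling: loop or over-long chain, or a final target with no address.
        if final in table or not resolves(final):
            findings.append((name, chain))
    return findings

if __name__ == "__main__":
    for record, chain in find_dangling(ZONE_CNAMES):
        print("DANGLING", " -> ".join(chain))
```

Pass `resolves=system_resolves` to run the check against live DNS for records in a zone you manage; flagged records should be removed or repointed.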
An attacker could then direct visitors of the hijacked subdomain to a phishing website.
Hijacking Microsoft subdomains would let attackers bypass even the most advanced anti-spam and email security tools on a network. It could also be abused to obtain authentication credentials or other sensitive data.
Attackers could trick users into installing malware or uploading sensitive information, or scam them. To explain how the attack works, the researchers have published a blog post describing their observations.
The researchers have reported around a dozen of the affected subdomains to Microsoft. The reported subdomains include identity.help.microsoft.com, mybrowser.microsoft.com, webeditor.visualstudio.com, and data.teams.microsoft.com.
Microsoft acknowledged that this is a common attack method that entails misleading targets into clicking on a specially designed malicious link.
Several warnings about the risks posed by subdomain hijacking have been made before.
Microsoft took measures to deal with the issue. However, going by recent discoveries, there are still hundreds of domains that could be exploited.