Monday November 18, 2019
Home Lead Story Bug Spotted i...

Bug Spotted in Microsoft Office 365, Outlook

Several tech companies offer bug bounty incentives. Sahad also received bug bounty from Facebook last year for discovering a bug in the social networking platform

0
//
Microsoft
Microsoft launches e-commerce portal for Telangana's handloom weavers. Pixabay

A Kerala-based application security engineer has won bug bounty from Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users’ accounts — from Office 365 to Outlook emails — open to hacking.

Sahad NK, who works as a security researcher with cybersecurity portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.

“Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them,” said Safetydetective on Tuesday.

The vulnerabilities were reported to Microsoft in June and fixed by November end.

“While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store,” said Sahad.

Microsoft, PUBG
A sign for Microsoft is seen on a building in Cambridge. VOA

Sahad discovered that a Microsoft subdomain, “success.office.com”, had not been properly configured. He also found bug in Microsoft Office, Store and Sway products.

A string of bugs when chained together created the perfect attack to gain access to someone’s Microsoft account — simply by tricking a user into clicking a link.

“Anyone’s Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user,” said TechCrunch.

Also Read- New Bug Forces Alphabet to Expedite Google+ API Shutdown

Sahad, with the help of fellow security researcher Paulos Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad.

Several tech companies offer bug bounty incentives. Sahad also received bug bounty from Facebook last year for discovering a bug in the social networking platform. (IANS)

Next Story

Microsoft Pulls Plug On Its Cortana Mobile App For Android and iOS Devices

Microsoft is pulling the plug on its Cortana mobile app for both Android and iOS devices across several countries

0
Microsoft
Microsoft is pulling the plug on its Cortana mobile app for both Android and iOS devices in several countries. Pixabay

Microsoft is pulling the plug on its Cortana mobile app for both Android and iOS devices in regions such as the UK, Canada, Australia and several other countries.

Beginning January 31, Microsoft will no longer support the digital assistant app in the above-mentioned countries, it said in three regional support notes.

When asked if the iOS and Android apps will also be shuttered in the US, a Microsoft spokesperson said that in addition to Britain, Australia and Canada, affected markets include China, Germany, India, Mexico and Spain, CNet reported on Saturday.

Microsoft
Microsoft will no longer support the digital assistant app in some countries. Pixabay

Notably, the Cortana app is used to configure settings and update firmware for devices like Microsoft’s Surface Headphones.

Lists, reminders and other content created by way of the iOS or Android app will still be accessible via Cortana on Windows, the company said in its support page.

Also Read- Xiaomi Plans To Unveil All Smartphones Over $285 with 5G Support Soon

“Cortana is an integral part of our broader vision to bring the power of conversational computing and productivity to all our platforms and devices,” a Microsoft spokesperson was quoted as saying by CNet. (IANS)