Bug bounty hunter Sahad Nk recently uncovered a series of vulnerabilities that left Microsoft users’ accounts — from your Office documents to your Outlook emails — susceptible to hacking.
While working as a security researcher with the cybersecurity site SafetyDetective, Nk discovered that he was able to take over the Microsoft subdomain, http://success.office.com, because it wasn’t properly configured. This allowed the bug hunter to set up an Azure web app that pointed to the domain’s CNAME record, which maps domain aliases and subdomains to the main domain. By doing this, Nk not only took control of the subdomain, but also received any and all data sent to it.
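The takeover described above starts with a CNAME record that still points at a cloud-hosted name nobody currently owns. The checker below is an added example written for this article; it is not code from Nk, SafetyDetective or Microsoft. It parses a constructed BIND-style zone export, flags CNAMEs whose targets sit on first-come, first-served hosting services (the suffix list is illustrative, not exhaustive) and no longer resolve, and lets the caller inject a resolver so the logic can be exercised offline. Every hostname in the sample zone is made up.

```python
"""Audit a DNS zone export for dangling CNAME records (subdomain-takeover risk).

A CNAME pointing at a hosted name that has been released (for example a deleted
Azure web app) can be re-registered by anyone, after which that party receives
whatever traffic the alias still attracts. The owner's fix is to delete the
CNAME or re-claim the target; this script finds the records that need it.
"""
from __future__ import annotations

import socket
from dataclasses import dataclass
from typing import Callable, Iterable

# Hosting services where the target name is claimable on a first-come basis.
# Illustrative list only (assumption of this example); extend for your estate.
CLAIMABLE_SUFFIXES = (
    ".azurewebsites.net",
    ".cloudapp.net",
    ".trafficmanager.net",
    ".github.io",
)

# Constructed sample export for a made-up zone; none of these names are real.
SAMPLE_ZONE = """
; example.test zone export (constructed sample)
www.example.test.          3600 IN CNAME web-prod.azurewebsites.net.
old-campaign.example.test. 3600 IN CNAME retired-app-2016.azurewebsites.net.
docs.example.test.         3600 IN CNAME example-docs.github.io.
mail.example.test.         3600 IN A     192.0.2.10
"""


@dataclass(frozen=True)
class Finding:
    name: str      # the alias in our zone
    target: str    # where the CNAME points
    reason: str


def target_resolves(hostname: str) -> bool:
    """Live check: True if the CNAME target still has an address record."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def parse_zone(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Extract (owner, target) pairs from 'name [ttl] [IN] CNAME target' lines."""
    records: list[tuple[str, str]] = []
    for raw in lines:
        line = raw.split(";", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        if "CNAME" not in fields:
            continue                          # only CNAMEs can be taken over this way
        idx = fields.index("CNAME")
        if idx == 0 or idx + 1 >= len(fields):
            continue                          # malformed line; skip rather than guess
        owner = fields[0].rstrip(".").lower()
        target = fields[idx + 1].rstrip(".").lower()
        records.append((owner, target))
    return records


def find_dangling(
    records: Iterable[tuple[str, str]],
    resolves: Callable[[str], bool] = target_resolves,
) -> list[Finding]:
    """Return CNAMEs whose targets are on a claimable service and do not resolve."""
    findings: list[Finding] = []
    for owner, target in records:
        if not target.endswith(CLAIMABLE_SUFFIXES):
            continue   # not on a claimable service; dangling here is hygiene, not takeover
        if not resolves(target):
            findings.append(Finding(owner, target,
                                    "target on claimable service no longer resolves"))
    return findings


if __name__ == "__main__":
    # Against the real resolver the sample targets will simply not exist;
    # point this at your own zone export to get meaningful results.
    for f in find_dangling(parse_zone(SAMPLE_ZONE.splitlines())):
        print(f"DANGLING {f.name} -> {f.target}: {f.reason}")
```

Run it against a real export of your own zone on a schedule; a record that flips from resolving to not resolving is the moment to delete it, before the released name is registered by someone else.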
This is where the second major vulnerability comes into play.
Microsoft Office, Outlook, Store, and Sway apps send authenticated login tokens to the http://success.office.com subdomain. When a user logs in to Microsoft Live, login.live.com, the login token would leak over to the server controlled by Nk. He would then just have to send an email to the user asking them to click a link, which would provide Nk with a valid session token — a way to log in to the user’s account without even needing their username or password. And, because Nk had access on Microsoft’s side, that link would come in the form of a login.live.com URL, bypassing phishing detection and even the savviest of internet users.
According to SafetyDetective, the issues were reported to Microsoft in June. They were fixed just last month, in November.