Researchers from Exploit and Vullnerability found 670 subdomains of Microsoft that were vulnerable to acquisition from outside. With the (now patched) subdomains, it would be easier to fool users and steal login details.
Subdomains can be taken over if, for example, an error was made in configuring the DNS or an expired hosting service. The malicious party can then upload files or make an imitation of an official website. Because of the legitimate looking subdomain, users would be more likely to trust the site, according to the researchers.
Vullnerability automated the process of checking subdomains for vulnerabilities and thus managed to find 670 domains. These included ‘identifyhelp.microsoft.com’ and ‘data.teams.microsoft.com’. A number of the found subdomains were claimed by Vullnerability and reported to Microsoft to prevent abuse, but for the rest Microsoft itself will have to take action.
According to the researchers, the rest of the list (with 660 subdomains) will not be transferred until Microsoft comes up with a reward program for finding such vulnerabilities.
This is not the first time that Microsoft has been confronted with vulnerable subdomains. In February, researchers also pointed out that managing thousands of subdomains caused problems, after another hundred of subdomains could be taken over due to incorrectly configured DNS. At that time, Microsoft did not make any statements and only patched up a portion of the vulnerable subdomains that had been raised.