INSUBCONTINENT EXCLUSIVE:
Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users' accounts -- from Office 365 to Outlook
emails -- open to hacking.Sahad NK, who works as a security researcher with cybersecurity portal Safetydetective.com, came across multiple
vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway
account simply via the victim clicking on a link."Immediately after finding these vulnerabilities, we contacted Microsoft via their
responsible disclosure programme and started working with them," said Safetydetective on Tuesday.The vulnerabilities were reported to
Microsoft in June and fixed by November end."While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft
Sway, we expect it to affect all Microsoft accounts including Microsoft Store," said Sahad.Sahad discovered that a Microsoft subdomain,
"success.office.com", had not been properly configured
He also found bug in Microsoft Office, Store and Sway products.A string of bugs when chained together created the perfect attack to gain
access to someone's Microsoft account -- simply by tricking a user into clicking a link."Anyone's Office account, even enterprise and
corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would
have been near-impossible to discern from a legitimate user," said TechCrunch.Sahad, with the help of fellow security researcher Paulos
Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad.Several tech
companies offer bug bounty incentives
Sahad also received bug bounty from Facebook last year for discovering a bug in the social networking platform.For the latest News Live
Updates on Election Results from each assembly constituency in Madhya Pradesh, Rajasthan, Mizoram, Chhattisgarh, Telangana, like us on
Facebook or follow us on Twitter for updates.
