banner



Home  ›  Indian Engineer Wins Bounty For Microsoft Office 365, Outlook Bugs

Indian Engineer Wins Bounty For Microsoft Office 365, Outlook Bugs

Written By Thursday, March 10, 2022 Add Comment Edit

Microsoft Brings Ransomware Detection, File Recovery Features to Office 365

A Kerala-based awarding security engineer has won bug compensation from Microsoft for discovering a series of vulnerabilities that left over 400 million Microsoft users' accounts — from Function 365 to Outlook emails — open to hacking.

Sahad NK, who works as a security researcher with cybersecurity portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, permit an assaulter to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.

Microsoft's Latest Office Insider Preview on iOS Adds New Features

"Immediately afterward finding these vulnerabilities, we contacted Microsoft via their responsible disclosure plan and started working with them," said Safetydetective on Tuesday.

The vulnerabilities were reported to Microsoft in June and fixed by Nov end.

"While the vulnerability proof of concept was only fabricated for Microsoft Outlook and Microsoft Sway, we wait information technology to affect all Microsoft accounts including Microsoft Store," said Sahad.

Sahad discovered that a Microsoft subdomain, "success.part.com", had not been properly configured. He also found problems in Microsoft Office, Shop and Sway products.

A string of bugs when chained together created the perfect assail to gain access to someone's Microsoft account — simply past tricking a user into clicking a link.

"Anyone's Office account, even enterprise and corporate accounts, including their e-mail, documents and other files, could accept been hands accessed by a malicious attacker, and it would take been virtually-impossible to discern from a legitimate user," said TechCrunch.

Sahad, with the aid of boyfriend security researcher Paulos Yibelo, reported the issues to Microsoft, which fixed the vulnerability and gave an unspecified corporeality as bug bounty to Sahad.

Several tech companies offer issues bounty incentives. Sahad also received problems bounty from Facebook last yr for discovering a bug in the social networking platform.

Source: https://beebom.com/indian-security-engineer-wins-bounty-for-microsoft-office-365-outlook-bugs/

Posted by: ellisagge1973.blogspot.com

0 Response to "Indian Engineer Wins Bounty For Microsoft Office 365, Outlook Bugs"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel