[ad_1]
2:45 p.m.
Wednesday, December 12, 2018
Books – Assem Al-Ansari:
The Indian programmer Sahad Nk discovered a software vulnerability that allowed him to take advantage of the Microsoft subdomain (success.office.com) by invoking a CNAME record and redirecting it to the Azure platform. Access all data sent through it.
According to Techcrunch, the Indian programmer has discovered that Microsoft Office and Microsoft Office applications can both be operated in the same way and that data can be obtained by logging into the official system of the company.
Not all of these applications are configured correctly, which simplifies the trust process for "office.com" extensions.
Microsoft has confirmed that the vulnerability has been corrected and removed the "CNAME" registry at the root of the problem.
Source link
