Microsoft Has a Subdomain Hijacking Problem

A security researcher has pointed out that Microsoft has a problem in managing its thousands of subdomains, many of which can be hijacked and used for attacks against users, its employees, or for showing spammy content. From a report: The issue has been brought up this week by Michel Gaschet, a security researcher and a developer for In an interview with ZDNet, Gaschet said that during the past three years, he’s been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either ignored those reports or silently secured some subdomains, but not all. Gaschet says he reported 21 subdomains that were vulnerable to hijacks to Microsoft in 2017, and then another 142 misconfigured subdomains in 2019. Further, the researcher also privately shared with ZDNet another list of 117 subdomains that he also reported to Microsoft last year.

Read more of this story at Slashdot.
