Microsoft has a subdomain hijacking problem

[ttyx]

A security researcher has pointed out today that Microsoft has a problem in managing its thousands of subdomains, many of which can be hijacked and used for attacks against users, its employees, or for showing spammy content.
The issue has been brought up today by Michel Gaschet, a security researcher and a developer for NIC.gp.
In an interview with ZDNet, Gaschet said that during the past three years, he's been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either been ignoring reports or silently securing some subdomains, but not all.
RESEARCHER: ONLY 5%-10% GOT FIXEDGaschet says he reported 21 msn.com subdomains that were vulnerable to hijacks to Microsoft in 2017 [1, 2], and then another 142 misconfigured microsoft.com subdomains in 2019 [1, 2].
Further, the researcher also privately shared with ZDNet another list of 117 microsoft.com subdomains that he also reported to Microsoft last year.
 Of all the reported misconfigured subdomains, Gaschet told ZDNet that Microsoft only addressed a few. The researcher puts the number at somewhere between 5% and 10% of all the subdomains he reported.
BLAME DNS MISCONFIGURATIONSGaschet told ZDNet the OS maker usually fixes big subdomains, like cloud.microsoft.com and account.dpedge.microsoft.com, but leaves the other subdomains exposed to hijacks.
The researcher said that most of the Microsoft subdomains are vulnerable to basic misconfigurations in their respective DNS entries. The researcher says this 2014 blog postfrom Detectify explains the problem in depth.
"The root cause/mistake is a forgotten DNS entry pointing to something that doesn't exist anymore, or never existed, like a typo in the DNS entry content," Gaschet told ZDNet.
SUBDOMAIN HIJACKS LEAD TO SPAM ON MICROSOFT.COMBut until now, these misconfigurations have never caused Microsoft any problems or headaches, despite being an attractive attack surface.

Source