Indian cybertechie helps plug security hole in Microsoft products

16th December 2018
Indian cybertechie helps plug security hole in Microsoft products
The SafetyDetective blog which reported the Microsoft vulnerability and ( inset) India-based Sahad who helped plug it

Kochi, December 16 2018: A Kerala-based Indian cyber specialist  has plugged a  security hole in  Microsoft products that  would potentially have  affected  400 million users.
The vulnerabilty came to the attention of UK-headquartered  cyber security  resource whose  portal Safetydetective.com  evaluates and rates  Net security  and anti-virus products .  In a blog post the company  reports:  During an  investigation for critical vulnerabilities affecting Microsoft, "We came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link..... hackers could easily access all the emails of the victims and   even an antivirus ccould not have protected...which is why this breach is so serious."
SafetyDetective,  hired Indian security researcher Sahad NK to   further establish the vulnerability.  Sahad discovered that a Microsoft subdomain, "success.office.com", had not been properly configured. He also found bug in Microsoft Office, Store and Sway products. Based on his work,  SafetyDetective says:  "The vulnerabilities were reported to Microsoft in June and fixed at the end of November 2018. While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store."
Sahad has received a reward  -- a bug bounty -- from Microsoft. Earlier he has  detected  security flaws in Facebook and was similarly rewarded