Kochi, December 16 2018: A Kerala-based Indian cyber specialist has plugged a security hole in Microsoft products that would potentially have affected 400 million users.
The vulnerability came to the attention of a UK-headquartered cyber security resource whose portal Safetydetective.com evaluates and rates Net security and anti-virus products. In a blog post the company reports: During an investigation for critical vulnerabilities affecting Microsoft, "We came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link... hackers could easily access all the emails of the victims and even an antivirus could not have protected...which is why this breach is so serious."
SafetyDetective hired Indian security researcher Sahad NK to further establish the vulnerability. Sahad discovered that a Microsoft subdomain, "success.office.com", had not been properly configured. He also found bugs in Microsoft Office, Store and Sway products. Based on his work, SafetyDetective says: "The vulnerabilities were reported to Microsoft in June and fixed at the end of November 2018. While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store."
Sahad has received a reward -- a bug bounty -- from Microsoft. Earlier, he detected security flaws in Facebook and was similarly rewarded.