The Microsoft Exchange on-premise installed email service is exposed to the risk of the installed Microsoft email flaw, says Reuters.
In an interview with ZDNet, Gaschet said that during the past three years, he’s been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either been ignoring reports or silently securing some subdomains, but not all.
Researcher: Only 5%-10% got fixed
Gaschet says he reported 21 msn.com subdomains that were vulnerable to hijacks to Microsoft in 2017, and then another 142 misconfigured microsoft.com subdomains in 2019.
“The root cause/mistake is a forgotten DNS entry pointing to something that doesn’t exist anymore, or never existed, like a typo in the DNS entry content,” Gaschet told ZDNet.
Subdomain hijacks lead to spam on microsoft.com
But until now, these misconfigurations have never caused Microsoft any problems or headaches, despite being an attractive attack surface.
In a hypothetical scenario, an attacker could hijack one of these subdomains and host phishing pages to harvest login credentials for Microsoft employees, business partners or even its end-users.
The scenario is not something that has not been seen before.
Luckily, no dangerous threat groups have noticed this problem.
Sadly, others have.
Today, Gaschet pointed out on Twitter that at least one spam group has figured out they could hijack Microsoft’s subdomains and boost their spammy content by hosting it on a reputable domain.
Gaschet says he spotted ads for Indonesian poker casinos on at least four legitimate Microsoft subdomains. These include portal.ds.microsoft.com, perfect10.microsoft.com, ies.global.microsoft.com, and blog-ambassadors.microsoft.com.
Microsoft says that a known issue will block Windows 10 from booting after trying to restore the system to a restore point created before installing a Windows 10 update.
The issue according to Sergiu Gatlan of Bleeping Computer, affects all Windows machines where system protection is turned on and a system restore point has been created prior to installing one or more Windows 10 updates.
When users try to restore the system after the Windows 10 updates have finished installing, the system will not be restored and, instead, “the computer experiences a Stop error (0xc000021a)” and, after restarting the computer, the system will not be able to return to the Windows desktop.
According to Microsoft’s support document, this is a known Windows 10 issue and it happens because:
During the system restore process, Windows temporarily stages the restoration of files that are in use. It then saves the information in the registry. When the computer restarts, it completes the staged operation.
In this situation, Windows restores the catalog files and stages the driver
.sysfiles to be restored when the computer restarts. However, when the computer restarts, Windows loads the existing drivers before it restores the later versions of the drivers. Because the driver versions do not match the versions of the restored catalog files, the restart process stops.
Failed restart recovery
Redmond provides a procedure that can be followed to recover from the failed restart caused by this known issue which requires users to enter the Windows Recovery Environment (Windows RE or WinRE) by restarting the computer again after the failure.
To be able to circumvent the restart failures caused by this known issue, users may have to either restart two times in a row or use a hardware restart switch.
Once the Windows Recovery Environment is on the screen, follow these steps:
- Select Troubleshoot > Advanced options > More recovery options > Startup settings, and then select Restart now.
- In the list of startup settings, select Disable driver signature enforcement. (Note: You may have to use the F7 key to select this setting.)
- Allow the startup process to continue. As Windows restarts, the system restore process should resume and finish.
Following the steps listed above will allow users to restore the computer to the restore point chosen before the Stop error (0xc000021a) was triggered.
Avoiding failed restarts
In order to start the System Restore wizard on computers affected by the restart crashes caused by failed system restores, users have to use WinRE instead of the Settingsdialog box.
To be able to start this process from the Windows desktop, follow this procedure:
- Select Start > Settings >Update & Security > Recovery.
- Under Advanced options, select Restart now.
- After WinRE starts, select Troubleshoot > Advanced options > System restore.
- Enter your recovery key as it is shown on the screen, and then follow the instructions in the System Restore wizard.