
Spammers hijack Microsoft subdomains to advertise poker casinos

In an interview with ZDNet, Gaschet said that during the past three years, he’s been reporting subdomains with misconfigured DNS records to Microsoft, but the company has either been ignoring reports or silently securing some subdomains, but not all.

Researcher: Only 5%-10% got fixed
Gaschet says he reported 21 msn.com subdomains that were vulnerable to hijacks to Microsoft in 2017, and then another 142 misconfigured microsoft.com subdomains in 2019.

“The root cause/mistake is a forgotten DNS entry pointing to something that doesn’t exist anymore, or never existed, like a typo in the DNS entry content,” Gaschet told ZDNet.
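The forgotten records Gaschet describes can be found from the defender's side by auditing a zone export for CNAMEs whose targets no longer resolve. The sketch below is an added example, not code from the article or from Microsoft; the zone lines, host names and the `fake_resolver` used for testing are constructed placeholders.

```python
import socket

# Constructed zone export (BIND-style lines); all names are placeholders.
SAMPLE_ZONE = """\
; name                  ttl   class type  rdata
www.example.test.       3600  IN    A     192.0.2.10
portal.example.test.    3600  IN    CNAME portal-app.hosting.example.
promo.example.test.     3600  IN    CNAME old-campaign.hosting.example.
blog.example.test.      3600  IN    CNAME www.example.test.
docs.example.test.      3600  IN    CNAME dcos.example.test.
"""

def parse_zone(text):
    """Return {owner: (rtype, rdata)} for A/AAAA/CNAME lines, lowercased, no trailing dot."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split columns
        if len(fields) < 5 or fields[3].upper() not in ("A", "AAAA", "CNAME"):
            continue
        owner = fields[0].rstrip(".").lower()
        records[owner] = (fields[3].upper(), fields[4].rstrip(".").lower())
    return records

def system_resolves(name):
    """Default check: does the name resolve through the system resolver right now?"""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(records, resolves=system_resolves, max_hops=8):
    """Follow each CNAME through the zone; report those whose final target resolves nowhere."""
    findings = []
    for owner, (rtype, target) in sorted(records.items()):
        if rtype != "CNAME":
            continue
        hops = 0
        while target in records and records[target][0] == "CNAME" and hops < max_hops:
            target = records[target][1]          # chain stays inside our own zone
            hops += 1
        in_zone_address = target in records and records[target][0] in ("A", "AAAA")
        if not in_zone_address and not resolves(target):
            findings.append((owner, target))     # stale target or typo: review or delete
    return findings
```

Run `find_dangling(parse_zone(zone_text))` against a real export on a schedule; non-resolution is the only signal checked here, so a target that still resolves but is no longer owned is out of scope for this sketch.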

Subdomain hijacks lead to spam on microsoft.com
But until now, these misconfigurations have never caused Microsoft any problems or headaches, despite being an attractive attack surface.

In a hypothetical scenario, an attacker could hijack one of these subdomains and host phishing pages to harvest login credentials for Microsoft employees, business partners or even its end-users.

This scenario has been seen before.

Luckily, no dangerous threat groups have noticed this problem.

Sadly, others have.

Today, Gaschet pointed out on Twitter that at least one spam group has figured out they could hijack Microsoft’s subdomains and boost their spammy content by hosting it on a reputable domain.

Gaschet says he spotted ads for Indonesian poker casinos on at least four legitimate Microsoft subdomains. These include portal.ds.microsoft.com, perfect10.microsoft.com, ies.global.microsoft.com, and blog-ambassadors.microsoft.com.

Windows 10 Won’t Boot When Using System Restore After Updating

Microsoft says that a known issue will block Windows 10 from booting after trying to restore the system to a restore point created before installing a Windows 10 update.

The issue, according to Sergiu Gatlan of Bleeping Computer, affects all Windows machines where system protection is turned on and a system restore point has been created prior to installing one or more Windows 10 updates.

When users try to restore the system after the Windows 10 updates have finished installing, the system will not be restored and, instead, “the computer experiences a Stop error (0xc000021a)” and, after restarting the computer, the system will not be able to return to the Windows desktop.

According to Microsoft’s support document, this is a known Windows 10 issue and it happens because:

During the system restore process, Windows temporarily stages the restoration of files that are in use. It then saves the information in the registry. When the computer restarts, it completes the staged operation.

In this situation, Windows restores the catalog files and stages the driver .sys files to be restored when the computer restarts. However, when the computer restarts, Windows loads the existing drivers before it restores the later versions of the drivers. Because the driver versions do not match the versions of the restored catalog files, the restart process stops.

Failed restart recovery

Redmond provides a procedure for recovering from the failed restart caused by this known issue. It requires users to enter the Windows Recovery Environment (Windows RE or WinRE) by restarting the computer again after the failure.

To be able to circumvent the restart failures caused by this known issue, users may have to either restart two times in a row or use a hardware restart switch.

Once the Windows Recovery Environment is on the screen, follow these steps:

  1. Select Troubleshoot > Advanced options > More recovery options > Startup settings, and then select Restart now.
  2. In the list of startup settings, select Disable driver signature enforcement. (Note: You may have to use the F7 key to select this setting.)
  3. Allow the startup process to continue. As Windows restarts, the system restore process should resume and finish.

Following the steps listed above will allow users to restore the computer to the restore point chosen before the Stop error (0xc000021a) was triggered.

Avoiding failed restarts

To start the System Restore wizard on computers affected by the restart crashes caused by failed system restores, users have to use WinRE instead of the Settings dialog box.

To be able to start this process from the Windows desktop, follow this procedure:

  1. Select Start > Settings > Update & Security > Recovery.
  2. Under Advanced options, select Restart now.
  3. After WinRE starts, select Troubleshoot > Advanced options > System restore.
  4. Enter your recovery key as it is shown on the screen, and then follow the instructions in the System Restore wizard.

 


Microsoft Azure Customer Data Deleted In DNS Flaw

Users of Microsoft’s Azure system lost database records as part of a mass outage on Tuesday.

A combination of DNS problems and automated scripts was to blame, said reports.

Microsoft deleted several Transparent Data Encryption (TDE) databases in Azure, holding live customer information. TDE databases dynamically encrypt the information they store, decrypting it when customers access it.

Keeping the data encrypted at rest stops an intruder with access to the database from reading the information.

While there are different approaches to encrypting these tables, many Azure users store their own encryption keys in Microsoft’s Key Vault encryption key management system, in a process called Bring Your Own Key (BYOK).

The deletions were automated, triggered by a script that drops TDE database tables when their corresponding keys can no longer be accessed in the Key Vault, explained Microsoft in a letter reportedly sent to customers.

The company quickly restored the tables from a five-minute snapshot backup, but that meant any transactions that customers had processed within five minutes of the table drop would have to be dealt with manually. In this case, customers would have to raise a support ticket and ask for the database copy to be renamed to the original.

 

Why were the systems accessing the TDE tables unable to access the Key Vault? The answer stems from a far bigger issue for Microsoft and its Azure customers this week.
An outage struck the cloud service worldwide on Tuesday, causing a range of problems. These included intermittent access to Office 365 in which users had only half a chance of logging on. Broader Azure cloud resources were also down.

 


This problem was, in turn, down to a DNS outage, according to Microsoft’s Azure status page:

Preliminary root cause: Engineers identified a DNS issue with an external DNS provider.

Mitigation: DNS services were failed over to an alternative DNS provider which mitigated the issue.

Reports suggested that this DNS outage came from CenturyLink, which provides DNS services to Microsoft.

The company had suffered a software defect, it had said in a statement.

This shows what can go wrong when cloud-based systems are interconnected and automated enough to allow cascading failures.

A software defect at a DNS provider indirectly led to the deletion of live customer information thanks to a lack of human intervention.
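One way to keep an unreachable key service from triggering a destructive step is to separate "the vault said no" from "the vault could not be reached" and to route any drop through a person. The decision function below is an added design sketch, not Microsoft's script; the probe categories, thresholds and action names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Probe(Enum):
    OK = "ok"                    # key fetched successfully
    KEY_DENIED = "key_denied"    # vault answered: key gone or access revoked
    UNREACHABLE = "unreachable"  # DNS failure, timeout, connection error

class Action(Enum):
    NONE = "none"
    ALERT = "alert"                                   # notify an operator, change nothing
    SUSPEND = "suspend_access"                        # reversible: block access, keep data
    QUEUE_FOR_APPROVAL = "queue_drop_for_approval"    # a human decides on deletion

@dataclass(frozen=True)
class Policy:                    # assumed thresholds, tune per service
    denied_probes_before_suspend: int = 3
    denied_seconds_before_drop_request: int = 24 * 3600

# Constructed probe history resembling a DNS outage: (unix_time, result), oldest first.
DNS_OUTAGE = [(0, Probe.OK)] + [(60 * i, Probe.UNREACHABLE) for i in range(1, 11)]

def decide(history, policy=Policy()):
    """Return the action to take now; no code path drops data automatically."""
    if not history or history[-1][1] is Probe.OK:
        return Action.NONE
    if history[-1][1] is Probe.UNREACHABLE:
        # Nothing was learned about the key itself, so nothing is changed.
        return Action.ALERT
    run = []                     # timestamps of the trailing KEY_DENIED answers
    for ts, probe in reversed(history):
        if probe is not Probe.KEY_DENIED:
            break
        run.append(ts)
    if len(run) < policy.denied_probes_before_suspend:
        return Action.ALERT
    if run[0] - run[-1] >= policy.denied_seconds_before_drop_request:
        return Action.QUEUE_FOR_APPROVAL
    return Action.SUSPEND
```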

CenturyLink seems to be experiencing serial DNS problems lately.

The company, which completed its $34bn acquisition of large network operator Level 3 in late 2017, also suffered a DNS outage in December that reportedly affected emergency services, sparking an FCC investigation.

Azure users can at least take comfort in the fact that Microsoft is offering multiple months of free Azure service for affected parties.

Source: Naked Security

 

