National

Kerala-Based Engineer Spots Bug In Microsoft Software, Gets Bounty

The Kerala-based security engineer also received bug bounty from Facebook last year for discovering a bug in the social networking platform.

Advertisement

Kerala-Based Engineer Spots Bug In Microsoft Software, Gets Bounty
info_icon

After discovering vulnerabilities in the products of Microsoft, that could affect over 400 million users as it left them open to hacking, a Kerala-based application security engineer has won bug bounty from the tech giant.

Sahad NK, who works as a security researcher with cybersecurity portal Safetydetective.com, came across multiple vulnerabilities that, when chained together, allow an attacker to take over any Microsoft Outlook, Microsoft Store, or Microsoft Sway account simply via the victim clicking on a link.

A bug bounty is an incentive offered by many tech companies, websites and software developers for finding and reporting bugs pertaining to exploits and vulnerabilities.

Advertisement

"Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them," said Safetydetective on Tuesday.

The vulnerabilities were reported to Microsoft in June and fixed by November end.

"While the vulnerability proof of concept was only made for Microsoft Outlook and Microsoft Sway, we expect it to affect all Microsoft accounts including Microsoft Store," said Sahad.

Sahad discovered that a Microsoft subdomain, "success.office.com", had not been properly configured. He also found bugs in Microsoft Office, Store and Sway products.

A string of bugs when chained together created the perfect attack to gain access to someone's Microsoft account -- simply by tricking a user into clicking a link.

Advertisement

"Anyone's Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user," said TechCrunch.

Sahad, with the help of fellow security researcher Paulos Yibelo, reported the bug to Microsoft, which fixed the vulnerability and gave an unspecified amount as bug bounty to Sahad.

Several tech companies offer bug bounty incentives. Sahad also received bug bounty from Facebook last year for discovering a bug in the social networking platform.

IANS

Tags

Advertisement

Advertisement

MOST POPULAR

Advertisement

WATCH

Advertisement

PHOTOS

Advertisement

Advertisement

Latest Stories
  1. 'Yeh Rishta Kya Kehlata Hai': Samridhii Shukla Has THIS To Say About Rumours Of Not Getting Along With Shehzada Dhami
  2. Dibakar Banerjee Reveals Why He Cast Fresh Faces For 'LSD 2', Shares Singers Refusing To Sing Due To 'Provocative' Content
  3. Pakistan Vs New Zealand, 2nd T20I, Live Streaming: When And Where To Watch PAK Vs NZ Match Online
  4. Ankita Lokhande Reveals Sushant Singh Rajput's Family Is 'Going Through A Lot', Says She Believes He Will Get Justice Soon
  5. Divyanka Tripathi Breaks Two Bones, To Undergo Surgery; Informs Vivek Dahiya
  6. Israel-Iran News: No Immediate Plan For Retaliation, Says Iran; Air India Suspends Flights To Israel
  7. Lok Sabha Election Phase 1 Voting Ends With 60% Polling; Tripura Records Highest Turnout, Bihar Lowest | Updates
  8. Sports Live Updates: UAE To Play Oman In ACC Men's T20I Premier Cup 2024 Final