Security News > 2016 > April > Microsoft plugs online services account hijacking vulnerability (Help Net Security)
2016-04-06 14:31
London-based security researcher and bug hunter Jack Whitton has discovered a serious cross-site request forgery flaw affecting Microsoft’s authentication system for online services. A successful exploitation of the vulnerability could allow attackers to collect users’ login tokens and use them to impersonate users on Microsoft’s services, but the good news is that the Redmond giant took only two days to plug the security hole once they knew about it. “Microsoft, being a huge company, have … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1kvGgeaGiBg/
Related news
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft: Windows 'inetpub' folder created by security fix, don’t delete (source)
- Widespread Microsoft Entra lockouts tied to new security feature rollout (source)
- Microsoft fixes Exchange Online bug flagging Gmail emails as spam (source)
- Doubling down: How Universal 2nd Factor (U2F) boosts online security (source)
- Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited (source)
- ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows (source)
- Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group (source)