Security News > 2016 > April > Microsoft plugs online services account hijacking vulnerability (Help Net Security)
2016-04-06 14:31
London-based security researcher and bug hunter Jack Whitton has discovered a serious cross-site request forgery flaw affecting Microsoft’s authentication system for online services. A successful exploitation of the vulnerability could allow attackers to collect users’ login tokens and use them to impersonate users on Microsoft’s services, but the good news is that the Redmond giant took only two days to plug the security hole once they knew about it. “Microsoft, being a huge company, have … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1kvGgeaGiBg/
Related news
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability (source)
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Germany warns of 17K vulnerable Microsoft Exchange servers exposed online (source)
- Security Vulnerability in Saflok’s RFID-Based Keycard Locks (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)