Microsoft continues to have a Subdomain Hijacking problem

Heidi Finigan | Last Updated:

VPN Streaming Expert

If you’re one of those people with a laptop or smartphone that routinely sees countless pop-ups and intrusive ads appearing out of nowhere, then you’re not alone.

In fact, the issue affects just about anyone who visits one of the hijacked subdomains under Microsoft’s own domain names.

That said, before you run countless anti-virus programs or call in the tech experts, you may just have to forgo visiting specific websites to fix the problem.

Subdomain Hijacking

Over the past week it has become apparent that a number of subdomains under Microsoft’s domains have been hijacked by cybercriminals, some of whom have kept control of these subdomains for several years.

The hijackers are exploiting poorly maintained Microsoft subdomains, described as ‘misconfigured subdomains,’ to advertise websites and applications for financial gain. Some are even building fake log-in portals on them to harvest credentials.

You may recall a casino’s website or some other gambling or betting site appearing on your device out of nowhere. That is more than likely the result of a subdomain hijack. On its own it is intrusive and annoying rather than dangerous, as long as you do not enter anything into it.

What is a Subdomain Hijacking?

Michel Gaschet, a security researcher at NIC, has pointed out that most operating-system and domain-hosting companies quickly patch bugs and tidy up the loose ends (such as stale DNS entries) that leave subdomains open to takeover. In Microsoft’s case, only major subdomains such as cloud.microsoft.com got this attention, while almost all of the company’s minor subdomains were overlooked entirely.

In short, Microsoft’s neglect of its subdomain hygiene has left these addresses open to hijacking and allowed a barrage of ads to reach millions of devices around the globe.

Gaschet also showed that the hijacks were startlingly easy to carry out: often the attacker only needed to claim the resource that a stale DNS record still pointed to and pass a simple DNS verification in order to control what the subdomain served, an exercise within reach of anyone with intermediate IT experience.

An example of a hijacked (and repaired) Microsoft subdomain can be found below: http://blog-ambassadors.microsoft.com

Because the hijacked host is a genuine subdomain of microsoft.com, the link looks entirely legitimate.

Back in 2014, a Detectify blog post summed up the whole class of misconfiguration behind this as ‘a forgotten DNS entry pointing to something that doesn’t exist anymore, or never existed, like a typo in the DNS entry content.’ If anyone can register the resource that the stale entry points to, they inherit the subdomain.
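To make that definition concrete, here is a small checker, added for this article and not code from Detectify, Gaschet or Microsoft, that walks a list of DNS records and flags every CNAME whose target no longer resolves. The sample zone, the offline resolver’s answers and the list of ‘claimable’ provider suffixes are all constructed placeholders; the live resolver at the bottom uses the system resolver and is what you would plug in for a real zone.

```python
"""Flag dangling CNAME records that could enable a subdomain takeover.

A CNAME is dangling when its target name no longer exists (NXDOMAIN),
i.e. the "forgotten DNS entry pointing to something that doesn't exist
anymore, or never existed" case. If the target also sits in a provider
namespace where anyone can register a name, the subdomain is claimable.
Everything below (zone, answers, suffixes) is constructed sample data.
"""
import socket
from typing import Callable, Iterable, List, Optional, Tuple

Record = Tuple[str, str, str]          # (owner name, record type, target)
Finding = Tuple[str, str, bool]        # (owner, target, claimable by anyone?)

# Constructed sample zone; not Microsoft's records.
SAMPLE_ZONE: List[Record] = [
    ("www.example.com.", "A", "203.0.113.10"),
    ("blog.example.com.", "CNAME", "retired-app.cloudapp.example."),  # target deleted
    ("docs.example.com.", "CNAME", "docs-live.cloudapp.example."),    # target alive
    ("shop.example.com.", "CNAME", "typo-ed.cloudapp.exmaple."),      # typo: never existed
]

# Constructed placeholder for provider namespaces where anyone can register
# a hostname (the assumption that makes a dangling record a takeover risk).
CLAIMABLE_SUFFIXES = (".cloudapp.example.",)

# Constructed resolver answers for offline use: name -> address, absent = NXDOMAIN.
OFFLINE_ANSWERS = {
    "docs-live.cloudapp.example.": "198.51.100.7",
}


def offline_resolver(name: str) -> Optional[str]:
    """Return the constructed address for name, or None if it does not exist."""
    return OFFLINE_ANSWERS.get(name)


def live_resolver(name: str) -> Optional[str]:
    """Resolve with the system resolver. None means the name did not resolve.

    Note: gaierror also covers transient failures, so re-check any hit
    before acting on it in a real audit.
    """
    try:
        return socket.gethostbyname(name.rstrip("."))
    except socket.gaierror:
        return None


def is_claimable(target: str) -> bool:
    """True if the target lives under a namespace open to public registration."""
    return any(target.endswith(suffix) for suffix in CLAIMABLE_SUFFIXES)


def find_dangling_cnames(zone: Iterable[Record],
                         resolve: Callable[[str], Optional[str]]) -> List[Finding]:
    """Return (owner, target, claimable) for each CNAME whose target does not resolve."""
    findings: List[Finding] = []
    for owner, rtype, target in zone:
        if rtype != "CNAME":
            continue                      # only CNAMEs point at something that can vanish
        if resolve(target) is None:       # NXDOMAIN: the target is gone or never existed
            findings.append((owner, target, is_claimable(target)))
    return findings


if __name__ == "__main__":
    for owner, target, claimable in find_dangling_cnames(SAMPLE_ZONE, offline_resolver):
        risk = "TAKEOVER RISK" if claimable else "dangling"
        print(f"{risk}: {owner} -> {target}")
```

Run against the constructed zone, this reports blog.example.com. as a takeover risk (its target is gone and sits in a claimable namespace) and shop.example.com. as merely dangling (the typo’d target exists nowhere, so nobody can register it either). Swap `offline_resolver` for `live_resolver` to audit real records, and remember that the suffix list is the part you must maintain for the providers you actually use.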

Microsoft’s Complacency

As many commenters have pointed out in forums, Microsoft’s complacency here reflects poorly on the company’s entire approach to security.

From a big picture standpoint, can we trust Microsoft to genuinely keep their customer’s data and devices safe when online if their own websites are knowingly being hijacked and remain accessible?

Gaschet also noted that although the problem is fairly severe, Microsoft repaired only a small fraction of the reported issues, between 5 and 10 percent. Between 2017 and 2019 he found hundreds of misconfigured microsoft.com subdomains, as well as 21 MSN subdomains that were insecure and actively being hijacked.

To summarise, Microsoft may not feel much pressure to repair these misconfigurations, since there is little direct risk to users unless they click on or interact with an ad or malicious window.

If a visitor mistakenly takes a fake log-in window on a hijacked subdomain for the real thing and enters their credentials, however, those credentials go straight to the attacker.

Protecting Yourself Through A VPN

As we all know, you should never click on a link, window or website that isn’t on an official domain or served over HTTPS. When a subdomain is hijacked, though, both of those checks can pass: the host really is under microsoft.com, and because the attacker controls what it serves they can obtain a valid TLS certificate for it. That makes the fake very difficult to tell from the real thing.

For these issues, at VPNCompass, we suggest subscribing to and installing a VPN across the devices you use to browse the web.

Many VPNs now include ad-blocking and malicious-website blocking features that not only stop ordinary ads but also block intrusive pop-ups that phish for your sensitive details.

Our recommended leading VPNs include NordVPN, ExpressVPN and CyberGhost, all of which include some sort of ad-blocking feature.

With these VPNs you can roam the web knowing that your traffic is encrypted and that most intrusive and malicious ads will be blocked before they reach your device.


Our recommended VPN service provider for general all-round internet security and online privacy is ExpressVPN. It offers an excellent selection of online security and internet privacy features, excellent speed, and the ability to unblock your favourite streaming services (Netflix, Hulu, Amazon Prime, BBC iPlayer).


Categories: News
