Today's Hard|Forum Post

Tuesday April 05, 2016

Microsoft Patches Severe Account Hijacking Security Flaw

Within 48 hours of it being reported, Microsoft issued a patch for a vulnerability that exposed user accounts to hijacking. The flaw, which allowed attackers to use harvested login tokens, was reported by a security researcher on a Sunday, and Microsoft issued a fix that Tuesday.

According to British security researcher Jack Whitton, the vulnerability could be exploited through phishing websites designed to harvest login tokens, which could later be used to compromise user accounts and data. In a blog post on Monday, the researcher said that manipulating POST values could be used in attacks that impersonate users of Microsoft products.