A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft’s Azure cloud service by exploiting it to take control of Windows Live Tiles, one of the key features Microsoft built into the Windows 8 operating system.
Introduced in Windows 8, the Live Tiles feature was designed to display content and notifications on the Start screen, allowing users to continuously pull up-to-date information from their favourite apps and websites.
To make it easier for websites to offer their content as Live Tiles, Microsoft had a feature available on a subdomain of a separate domain, i.e., “notifications.buildmypinnedsite.com,” that allowed website admins to automatically convert their RSS feeds into a special XML format and use it as a meta tag on their websites.
The service, which Microsoft had already shut down, was hosted on its own Azure Cloud platform with the subdomain configured/linked to an Azure account operated by the company.
However, it turns out that even after disabling the RSS-to-XML converter service, the company forgot to delete nameserver entries, leaving the unclaimed subdomain still pointing to the Azure servers.
Hanno Böck, who discovered this issue, seized this opportunity to exploit the weakness and reclaimed the same subdomain using a newly created account on Azure.
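For administrators auditing their own DNS zones, the dangling-record condition described above can be checked mechanically. The following is an added example, not part of the original report or any Microsoft tooling; the suffix list is illustrative rather than exhaustive, and the sample zone, host names and stub resolver are constructed so the code runs offline.

```python
import socket

# Azure-hosted name suffixes (illustrative assumption, not exhaustive).
AZURE_SUFFIXES = (
    ".azurewebsites.net",
    ".cloudapp.net",
    ".trafficmanager.net",
)

def system_resolves(hostname):
    """True if the local resolver returns at least one address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def parse_cnames(zone_text):
    """Yield (owner, target) from 'owner [ttl] [IN] CNAME target' lines."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields:
            i = fields.index("CNAME")
            if i >= 1 and i + 1 < len(fields):
                yield fields[0].rstrip(".").lower(), fields[i + 1].rstrip(".").lower()

def find_dangling(zone_text, resolves=system_resolves):
    """Return CNAMEs that point at an Azure name which no longer resolves."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        if target.endswith(AZURE_SUFFIXES) and not resolves(target):
            findings.append((owner, target))
    return findings

# Constructed sample zone and stub resolver (hypothetical names).
SAMPLE_ZONE = """
www.example.com.            3600 IN CNAME example-site.azurewebsites.net.
notifications.example.com.  3600 IN CNAME retired-feed-svc.cloudapp.net. ; service shut down
mail.example.com.           3600 IN CNAME mail.provider.example.
"""
LIVE_TARGETS = {"example-site.azurewebsites.net"}

def stub_resolves(hostname):
    return hostname in LIVE_TARGETS

if __name__ == "__main__":
    for owner, target in find_dangling(SAMPLE_ZONE, stub_resolves):
        print(f"DANGLING {owner} -> {target}")
```

A target that fails to resolve is a first-pass signal only; the durable fix is to delete the DNS record at the same time the cloud resource behind it is decommissioned.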