An error in a Microsoft server could have facilitated the massive distribution of malware on numerous websites.
Some news about vulnerabilities and failures of large companies are known over the months. Some time after it was known, there were reports of failures and their consequences, such as with the reported issue involving a Microsoft server.
Now it has been reported that a major Microsoft bug was discovered in September and could open the door to countless scams and problems on WordPress websites.
It all came about because Microsoft left a Desktop Service Store (DS_STORE) file open on one of their public access servers located in Vancouver. This file contained key information for WordPress database dumps.
Among the information that has been discovered to be available to anyone who wanted to use it were the admin usernames and email addresses as well as the Microsoft password hash.
This file was located by CyberNews cybersecurity researchers who were on other unrelated jobs. As published on their website, the file was used to gain access to sensitive or confidential data and structures of folders.
In the available information there were also “numerous administrator login credentials and the hashed admin password for the WordPress website from Microsoft Vancouveraccording to TechRadar.
In CyberNews they assure that it took weeks to receive a response after informing Microsoft about their discovery and they observed that they fixed the problem almost a month after the notice.
If there have been attacks or problems due to this new flaw in Microsoft’s security, we will know it over time, but the news offers some details that could be worrying for users and companies that use the servers of the well-known company.