ADVERTISEMENT

Microsoft Vancouver leaking website credentials via overlooked DS_STORE file

Microsoft Vancouver - featured image
Cybernews Team
Dec 8, 2021 Updated: 17 December 2021 5 min read
  • The root directory and the WordPress credentials of the Microsoft Vancouver website were exposed via a Desktop Services Store file left out on a publicly accessible web server.
  • Microsoft Vancouver works on a variety of Microsoft projects, such as Notes, MSN, Gears of War, Skype, and mixed reality apps.
  • Attackers could use the exposed WordPress credentials to exploit the Microsoft Vancouver website, use the Microsoft domain to stage phishing campaigns, and more.
By analyzing the file, our Investigations team was able to learn about the files hosted on the Microsoft Vancouver server, as well as several database dump files stored on the server.

What’s in the file?

MS Vancouver DS STORE file screenshot
(Example: the contents of the DS_STORE file on the Microsoft Vancouver web server)
MS Vancouver WP admin screenshot
(Example: the table of WordPress administrator users found in a publicly accessible database on the Microsoft Vancouver web server.)
  • Attackers could use the exposed WordPress credentials to plant malware or ransomware on the server, which would allow them to take it hostage, exploit it further, or potentially infiltrate the network of Microsoft Vancouver.
  • By getting their hands on Microsoft Vancouver’s WordPress login, phishers could use the original Microsoft domain to carry out massive phishing campaigns that would bypass phishing filters. Such phishing messages would be displayed as legitimate emails coming from Microsoft. This means that there is a high possibility that most of the recipients would see them as coming from a trusted source, massively increasing the likelihood of subsequent infections.
  • If Microsoft Vancouver stores any mailing lists on their website, threat actors could steal them and send out phishing emails from the same server directly to Microsoft’s subscriber base, which possibly includes current Microsoft employees.

What’s the danger of leaving DS_STORE files on web servers?

This DS_STORE file is also invisible.
ADVERTISEMENT

Protecting against unauthorized access via Desktop Services Store files


More from CyberNews

ADVERTISEMENT