News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft and the hijacked Windows live tile service

    Home Forums AskWoody support Windows Microsoft and the hijacked Windows live tile service

    This topic contains 4 replies, has 5 voices, and was last updated by

     BobbyB 3 months ago.

    • Author
      Posts
    • #512549 Reply

      gborn
      AskWoody_MVP

      FYI: Microsoft dumped their Live Tiles thing for Windows 8 to 10, but forgot to delete the CNAME name server records to the live tile service. So a German security researcher was able to run a domain takeover attack. Afterward, he was able to control the content, that has been shown on Live Tiles in Windows start menu. He reported that to Microsoft – but no reaction. So he decided to disclose it today on German news site Golem.

      https://borncity.com/win/2019/04/17/windows-live-tile-takeover-from-security-researcher/

      3 users thanked author for this post.
    • #513124 Reply

      woody
      Da Boss

      Brilliant!

    • #514043 Reply

      Microfix
      Da Boss

      So the MS Tiles obviously were not grouted!
      Thanks @gborn

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

      1 user thanked author for this post.
    • #514812 Reply

      Alex5723
      AskWoody Plus

      Microsoft didn’t know they were hacked for 3 whole months so why expect them to remember to register a sub-domain ?

    • #515968 Reply

      BobbyB
      AskWoody Lounger

      Well the live tiles have been a sporadic pain in the A…errm fundament since about Dec-Jan, they work for a while then either Money, News, Weather and just lately Sport whilst still working essentially, the live Tile on the desktop quits mysteriously or goes blank. Not asserting Hanno Böck has anything to do with it but more like another one of M$’s much vaunted features appears to be kicked to the curb once more.
      This generally results in the usual removal (Power Shell remove + Un/Reinstall), and/or reset, SFC, DISM Cmd’s generally don’t work, do they ever for anything?? just seem to reset <user> custom settings as far as I can see.
      Last night in a moment of Boredom just reset the lot (Win10) using SYSPREP, Audit Mode, removed user account, set SNPP Reg key to retain Custom Driver installs (essential), Generalise to OOBE. Started up with Net disconnected, cancelled updating tiles via WinAero Tweaker removed the irritating Apps via 0&0 I neither want nor use, copied all the <user> files back to their Home’s, few customisations done in an hour and “et Viola” full house again. (The original versions of the Desktop Apps are staged unblemished in the system image, could even be duff updates coming from the Store that’s high on the list of suspects)
      Rather than a take Over as Hanno Böck hints at, although a disturbing development nether the less, its more likely the erratic performance is M$’s negligence or neglect or even cost cutting? as its proved not to be the advertising success they had hoped for as editing the Host’s file removes the bundled Ads mostly and folks basically just click past them any way. Pity really it showed some promise as info at a glance before you get to work or want to be appraised of a say news topic your following or if its raining “Cats and Dogs outside.”
      Conversely Win8.1 although not very advanced/fully featured tiles i.e. simplistic is never a problem, one more Feather in the Cap for M$’s best little secret OS. 😉

      2 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft and the hijacked Windows live tile service

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.