As Thomas Claburn at The Register reports, Microsoft made an embarrassing goof in the release notes it published for the Patch Tuesday security updates it issued earlier this week.
Rather than directing readers to a blog post from the Microsoft Security Response Center on msrc-blog.microsoft.com, it mistakenly pointed them towards msrc-blog.microosft.com instead.
It’s an easy typo to make, and one that was easy for Microsoft to fix once they became aware of it.
But anyone clicking on the link in the meantime was redirected via the third-party microosft.com typo-bait website to one owned by someone who was keen to make a few cents from Google Ads whenever folks fumbled the spelling in their browser.
Thankfully, there was nothing malicious at the microosft URL, but there could so easily have been.
Microsoft confirmed to The Register that their webpage pointing to “microosft” had not been hacked, and that it was simply a typo by one of their team. But I must admit that I’m surprised those maintaining webpages on the Microsoft Security Response Team site have to ever type in URLs by hand.
Wouldn’t it be simpler and less prone to screw-ups to cut-and-paste URLs, or use the content management system to offer URLs to link to?
At the end of the day, no harm seems to have been done. But it’s something Microsoft should be more careful about in future.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.