Microsoft applies Internet-sized Band-Aid to stem Autodiscover leaks
It’s a stopgap, not a fix.
Microsoft has a lot of products and services, and with so much tech being released and maintained, bugs and vulnerabilities are bound to crop up. However, Microsoft Exchange, in particular, has had a suboptimal 2021, starting out with a large-scale Chinese hack and continuing through the year with a plethora of smaller issues. Much like Microsoft’s PrintNightmare situation, Exchange woes don’t seem to be going away anytime soon.
To summarize a long story, it was recently discovered that Exchange’s Autodiscover protocol has been leaking Windows credentials due to implementation issues. These credentials are being shared with domains that should not have access to such information.
Now, it appears Microsoft is scrambling to register domains that could accidentally acquire leaked info, per a report by BleepingComputer. To be clear, this is not a solution for the implementation issue, but is something of a stopgap to stem the flow of the leaks and minimize the potential impact of the real problem.
At the time of BleepingComputer’s report, Microsoft had registered a minimum of 68 domains to combat the Autodiscover problem. However, the report mentions that Microsoft has likely registered far more than the immediately apparent 68. This method of leak prevention can be equated to taping up holes in a boat, in that it may prevent water intake to some degree but doesn’t fix the root cause.
As always, we’ll provide updates as the story develops, so keep checking Windows Central for the latest scoops on Autodiscover issues, PrintNightmare problems, and any other Microsoft products that succumb to Murphy’s law.
Robert Carnevale is the News Editor for Windows Central. He’s a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.