Share this article

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Thousands of windows credentials leaked in Microsoft Exchange Autodiscover bug

2 min. read

Published onSeptember 23, 2021

published onSeptember 23, 2021

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Key notes

It would seem that Microsoft users continue having woes when it comes to email-related issues. Just the other day, a bug was reported that had invaded Outlook. Then comes the latest invasion.

According to security researchers, the design flaw is in the Microsoft Exchange Email server which provides a leeway for attackers to harvest Windows domain and app credentials from users.

Protocol

Amit Serper of AVP discovered the bug and after close investigation, it has been found to reside in theMicrosoft Autodiscover protocol which is a feature that allows Automatic email server discovery and provides credentials for proper configuration.

The protocol is considered to be crucial and gives admins access in ensuring clients use proper SMTP, LDAP, IMAP and WebDAV among other settings.

Back-off mechanism is the cause

Serper affirms that the back-off mechanism is the cause of the leak as it is always attempting to resolve the autodiscover part of the domain. It always fails making the autodiscover url that is automatically created reach the owner of the domain.

All captured credentials came with no encryption whatsoever in HTTP form. Serper advises users to use more secure forms of authentication such as NTLM and Oauth.

Microsoft is investigating the issue and will revert in due course.

What do you make of the latest bugs dominating emails? Are there ways you are protecting yourself from such vulnerabilities? Share with us in the comment section below.

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, simplifying the tech universe for the mases.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Thousands of windows credentials leaked in Microsoft Exchange Autodiscover bug#