Microsoft Exchange leaks information from 100,000 users due to flaw
Date: 2021-09-27
Microsoft is rushing to register internet domains that can be used to steal Windows credentials through a flaw in the Microsoft Exchange Autodiscover protocol.
Last week, research by security expert Amit Serper of Guardicore was published, showing that these flawed implementations ended up exposing more than 96 thousand unique e-mail and Windows user credentials.
The Autodiscover protocol is used to minimize the need for users to configure email servers in clients such as Outlook, giving quick access to Microsoft Exchange tools after credential authentication.
Microsoft sent a statement to the website BleepingComputer, in which the company’s senior director, Jeff Jones, states that the investigation of the flaw is already underway and that the company will take the necessary steps to protect its customers. Jones concludes by saying that Microsoft was unaware of the flaw until the Guardicore report was released.
Microsoft's initial mitigation is to register in its own name the various domains containing “autodiscover”, to prevent criminals from using them to collect data through the flaw. Until the day in September, the company had already registered more than 69 addresses, with the number increasing if variants, such as “autodiscover.com.es” and “autodiscover.org.es”, are accounted for.
However, just registering domains is not enough to fix the flaw. Microsoft, with Outlook and Office 1024, and other companies developing email clients need to fix the implementation and authentication of Autodiscover URLs, because as long as the flawed implementation remains available, attempts to connect to unofficial addresses will continue to occur.
Until the flaw is resolved, security companies recommend that organizations add firewall rules to their networks that block any request to addresses of the form autodiscover.(TLD). Guardicore’s website has a list of addresses that can be added to your computer’s firewall to block access to unofficial authentication addresses. The file, with the URLs, can be purchased here.
Security firms also recommend that network administrators ensure that HTTP Basic authentication is disabled, so that clear text credentials are not sent over the network.
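The autodiscover.(TLD) blocking rule described above can also be run as a detection over DNS query logs. The following is an added example, not code from Guardicore or Microsoft; the log format, the sample lines, and the short suffix set are constructed assumptions, and a real deployment would use the full Public Suffix List.

```python
# Added example: flag DNS queries for "autodiscover.<TLD>" hosts while leaving
# an organization's own autodiscover.<its-domain> untouched.
# SAMPLE_SUFFIXES is a small constructed subset of public suffixes (assumption).
SAMPLE_SUFFIXES = {"com", "org", "net", "es", "br", "uk",
                   "com.es", "org.es", "com.br", "co.uk"}


def is_bare_autodiscover(host, suffixes=SAMPLE_SUFFIXES):
    """True when host is exactly 'autodiscover.' followed by a public suffix."""
    host = host.strip().rstrip(".").lower()   # drop root dot, ignore case
    label, _, rest = host.partition(".")
    return label == "autodiscover" and rest in suffixes


def flag_queries(log_lines, suffixes=SAMPLE_SUFFIXES):
    """Return (client_ip, host) pairs for queries that match the block rule.

    Assumed (constructed) log format: '<timestamp> <client_ip> <qtype> <qname>'
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue                          # skip malformed lines
        _, client, _, qname = parts
        if is_bare_autodiscover(qname, suffixes):
            hits.append((client, qname.rstrip(".").lower()))
    return hits


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "2021-09-27T10:00:01Z 10.0.0.5 A autodiscover.example.com.",
    "2021-09-27T10:00:02Z 10.0.0.5 A Autodiscover.com.",
    "2021-09-27T10:00:03Z 10.0.0.9 A autodiscover.com.es",
    "2021-09-27T10:00:04Z 10.0.0.7 A mail.autodiscover.org",
    "2021-09-27T10:00:05Z 10.0.0.7 AAAA autodiscover.org.es.",
    "malformed line",
]

if __name__ == "__main__":
    for client, host in flag_queries(SAMPLE_LOG):
        print(f"ALERT client={client} queried {host}")
```

A client that appears in the output has fallen back from its own domain's Autodiscover endpoint to a bare autodiscover.(TLD) host, which is the behaviour the firewall rule is meant to stop.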
Source: Guardicore, Bleeping Computer, CSO Online
