53.3 F
New York
Saturday, October 23, 2021

Microsoft applies Internet-sized Band-Aid to stem Autodiscover leaks

It’s a stopgap, not a fix.

What you need to know

Exchange’s Autodiscover protocol reportedly has a credential-leaking issue.
acknowledged the situation but did not provide a clear outline of what it planned to do to solve the matter.
Now, a new report illustrates one method is using to protect itself in the interim.

has a lot of products and services, and with so much tech being released and maintained, bugs and vulnerabilities are bound to crop up. However, Microsoft Exchange, in particular, has had a suboptimal 2021, out with a large-scale Chinese hack and continuing through the year with a plethora of smaller issues. Much like Microsoft’s PrintNightmare situation, Exchange woes don’t seem to be going away anytime soon.

To summarize a long story, it was recently discovered that Exchange’s Autodiscover protocol has been leaking Windows credentials due to improper implementation issues. These credentials are being shared with domains that should not have access to such information.

Now, it appears is scrambling to register domains that could accidentally acquire leaked info, per a report by BleepingComputer. To be clear, this is not a solution for the implementation issue, but is something of a stopgap to stem the flow of the leaks and minimize the potential impact of the real problem.

At the time of BleepingComputer’s report, Microsoft had registered a minimum of 68 domains to combat the Autodiscover problem. However, it’s mentioned that Microsoft’s likely registered far more than the immediately apparent 68. This method of leak prevention can be equated to taping up holes in a boat, in that it may prevent water intake to some degree but doesn’t fix the root cause.

As always, we’ll provide updates as the story develops, so keep checking Central for the latest scoops on Autodiscover issues, PrintNightmare problems, and any other Microsoft products that succumb to Murphy’s law.

It’s a stopgap, not a fix.

What you need to know

Microsoft Exchange’s Autodiscover protocol reportedly has a credential-leaking issue.
Microsoft acknowledged the situation but did not provide a clear outline of what it planned to do to solve the matter.
Now, a new report illustrates one method Microsoft is using to protect itself in the interim.

Microsoft has a lot of products and services, and with so much tech being released and maintained, bugs and vulnerabilities are bound to crop up. However, Microsoft Exchange, in particular, has had a suboptimal 2021, out with a large-scale Chinese hack and continuing through the year with a plethora of smaller issues. Much like Microsoft’s PrintNightmare situation, Exchange woes don’t seem to be going away anytime soon.

To summarize a long story, it was recently discovered that Exchange’s Autodiscover protocol has been leaking credentials due to improper implementation issues. These credentials are being shared with dom…

Source : Central – News, Forums, Reviews, Help for Windows 10, Windows 11, and all things Microsoft. Read More

?s=96&r=g

Related Articles

Leave a Reply

Stay Connected

- Advertisement -

Trends Now

- Advertisement -

Latest Articles