Microsoft Rushes To Register Autodiscover Domains Leaking Credentials
Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol. BleepingComputer reports: On Monday, Guardicore’s Amit Serper released new research about how the issue caused the exposure of close to 100,000 unique Windows and email credentials. When users configure their Exchange accounts on email clients, the app will attempt to authenticate to various Autodiscover URLs associated with Microsoft Exchange servers for their organization. If a successful authentication occurs, the Exchange server will send back settings that the mail client should use. However, many mail clients, including some versions of Microsoft Outlook and Office 365, incorrectly implement the Autodiscover protocol causing them to try and authenticate to third-party autodiscover.[tld] URLs that are not related to a user’s organization. Examples of such domains include autodiscover.com, autodiscover.uk, and autodiscover.de. Threat actors could register autodiscover.[tld] domains and begin collecting the leaked Windows and email credentials for attacks against the organization. In response to Serper’s report, Microsoft issued the following statement: “We are actively investigating and will take appropriate steps to protect customers. We are committed to coordinated vulnerability disclosure, an industry standard, collaborative approach that reduces unnecessary risk for customers before issues are made public. Unfortunately, this issue was not reported to us before the researcher marketing team presented it to the media, so we learned of the claims today.”

“Since then, Microsoft has been rushing to register any autodiscover.[tld] domains it can find to prevent them from being used to steal Windows credentials,” adds BleepingComputer. “At the time of this writing, […] Microsoft registered at least 68 domains related to Autodiscover.”

Read more of this story at Slashdot.

Go to Source of this post
Author Of this post: BeauHD

By admin