CSOonline

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers.
Threat Post

Exchange/Outlook Autodiscover Bug Spills 100K+ Email Passwords

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. Guardicore security researcher Amit ...
Bleeping Computer

Microsoft rushes to register Autodiscover domains leaking credentials

Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol. On Monday, Guardicore's Amit ...
Ars Technica

Help with Exchange 2010 and Outlook 2010 Autodiscover

Autodiscover works great on user's local machines (desktops, laptops, etc) on the internal LAN. However I've got a Terminal Server with Outlook 2010 installed that Autodiscover fails every time you ...
Ars Technica

Exchange/Outlook autodiscover bug exposed 100,000+ email passwords

Security researcher Amit Serper of Guardicore discovered a severe flaw in Microsoft's autodiscover—the protocol which allows automagical configuration of an email account with only the address and ...
Redmond Magazine

Exchange Security Hole, Delayed Updates and Basic Authentication End Date Announced

This week brings Exchange Online news regarding Basic Authentication, plus a September cumulative update delay for Exchange Server. If that weren't enough, there's a major security hole discovered in ...