There is an easily exploitable vulnerability in the Microsoft Exchange e-mail program. Using suitably named domains, Guardicore security researchers were able to intercept approximately 100,000 email credentials within four months, all of them sent via the Exchange Autodiscover function.
Auto Detection Goes Away
With Autodiscover, Microsoft wants to make it easier to set up email clients. Exchange looks for stored setup data such as a mailbox address so the user doesn’t have to enter anything other than an email address and password. This search for stored data is precisely the problem, because there is no uniform standard for the storage location.
For example, if the email address is registered at beispielhoster.de, Autodiscover searches for the corresponding data at, e.g., autodiscover.beispielhoster.de or beispielhoster.de/autodiscover. After several such attempts, the program moves on and tries more general domains such as autodiscover.de. However, this domain has nothing to do with the specific email host, so in principle anyone can simply register a matching domain, set up a web server accordingly, and automatically receive email data from Microsoft. That is exactly what the researchers at Guardicore took advantage of.
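The fallback described above can be modelled to find out which hosts lie outside your own domains and to spot clients that contact them. The following is an added example, not code from the article or from Guardicore; the log format, `OWNED_DOMAINS` and all function names are assumptions, and the label-by-label back-off is a simplified model of the behaviour.

```python
# Added example, not from the article. Simplified model of the Autodiscover
# back-off described above; real clients request longer URLs on each host.

OWNED_DOMAINS = {"beispielhoster.de"}  # assumption: domains you control

# Constructed proxy log lines: "<timestamp> <client-ip> <host> <path>"
SAMPLE_LOG = [
    "t1 10.0.0.5 autodiscover.beispielhoster.de /autodiscover",
    "t2 10.0.0.7 autodiscover.de /autodiscover",
    "t3 10.0.0.7 www.beispielhoster.de /index.html",
]

def fallback_hosts(email):
    """Hosts a client may contact for this address, most specific first."""
    domain = email.rpartition("@")[2].lower().rstrip(".")
    labels = domain.split(".")
    hosts = [domain]  # <domain>/autodiscover
    # autodiscover.<domain>, then one label dropped per step down to the TLD
    for i in range(len(labels)):
        hosts.append("autodiscover." + ".".join(labels[i:]))
    return hosts

def is_owned(host, owned=OWNED_DOMAINS):
    """True if host is one of our domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in owned)

def leaking_hosts(email, owned=OWNED_DOMAINS):
    """Fallback hosts that someone outside the organisation could register."""
    return [h for h in fallback_hosts(email) if not is_owned(h, owned)]

def flag_proxy_log(lines, owned=OWNED_DOMAINS):
    """Return (client, host) for autodiscover.* requests leaving owned domains."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        client, host = parts[1], parts[2].lower().rstrip(".")
        if host.startswith("autodiscover.") and not is_owned(host, owned):
            hits.append((client, host))
    return hits

if __name__ == "__main__":
    print(leaking_hosts("user@mail.beispielhoster.de"))
    print(flag_proxy_log(SAMPLE_LOG))
```

The hosts returned by `leaking_hosts` are candidates for blocking at the DNS resolver or proxy, and any hit from `flag_proxy_log` points to a client whose credentials may have left the organisation.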
This error is particularly significant because Exchange either transmits the credentials directly to the target server in unencrypted form or at least hands them over on request. In the latter case, Exchange asks the user to enter their Windows login credentials, which is unlikely to seem suspicious to most users.
However, Microsoft’s reaction to the error is unusual: according to Bleeping Computer, the company simply began registering all possible Autodiscover domains. However, some of these domains are already registered, so they can still be used for data theft. A proper solution would therefore require a fix in Microsoft Exchange itself. It is not clear if and when this will happen, especially because there was an initial report on the security gap as early as 2017.
Sources: Guardicore, Heise and Spiegel