So upon receiving an HTTP request with an authentication token or NTLM hash, the Guardicore server responded with an HTTP 401 with the […] HTTP basic access authentication is Base64 encoded but is not encrypted, so this amounts to sending credentials in cleartext.

"The most notable thing about these requests was that they requested the relative path of /Autodiscover/Autodiscover.xml with the Authorization header already populated with credentials in HTTP basic authentication," said Serper, who observed that web requests of this sort should not be sent blindly pre-authentication.
As Guardicore explained in a report provided to The Register, the client parses the email address – say, – and tries to construct a URL for the configuration data using combinations of the email domain, a subdomain, and a path string as follows:

If the client doesn't receive any response from these URLs – which would happen if Exchange was improperly configured or was somehow prevented from accessing the designated resources – the Autodiscover protocol tries a "back-off" algorithm that uses Autodiscover with a TLD as a hostname.

"This 'back-off' mechanism is the culprit of this leak because it is always trying to resolve the Autodiscover portion of the domain and it will always try to 'fail up,' so to speak," explained Amit Serper, Guardicore area vice president of security research for North America, in the report. "This means that whoever owns will receive all of the requests that cannot reach the original domain."

In an email to The Register, Serper said, "I believe that this was the consequence of careless, or rather, naïve design. […] same flaws appear in other Microsoft protocols of similar functions."

Sensing a potential problem with making credentials available to any old TLD with Autodiscover, Guardicore acquired several variations on that theme:, ,, Autodiscover.uk, and Autodiscover.online, among others. After assigning these domains to its web server, Guardicore started receiving numerous requests to Autodiscover endpoints from assorted IP addresses and clients. It turns out a lot of Exchange servers and clients aren't set up very carefully.
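
An added example, not from the Guardicore report or the original article: a check over web-proxy records that flags requests for /Autodiscover/Autodiscover.xml leaving the organization's own domains, in particular to a host of the form `Autodiscover.<TLD>`, and notes when Basic credentials accompanied them. The log format, severity labels, the `corp.example` domain and the sample records are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

AUTODISCOVER_PATH = "/autodiscover/autodiscover.xml"
# "autodiscover" directly under one label, e.g. autodiscover.uk (the back-off host).
# Simplification: multi-label suffixes such as co.uk would need a public-suffix list.
TLD_BACKOFF = re.compile(r"^autodiscover\.[a-z0-9-]+$")

def classify(url, auth_scheme, own_domains):
    """Classify one proxy record; returns None if it is not an Autodiscover request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.path.lower() != AUTODISCOVER_PATH:
        return None
    if any(host == d or host.endswith("." + d) for d in own_domains):
        dest = "own"
    elif TLD_BACKOFF.match(host):
        dest = "tld_backoff"
    else:
        dest = "external"
    has_creds = auth_scheme not in ("", "-")
    basic = auth_scheme.lower() == "basic"  # Base64 only, i.e. effectively cleartext
    if dest == "own":
        severity = "info"
    else:
        severity = ("critical" if basic else "high") if has_creds else "medium"
    return {"host": host, "dest": dest, "basic": basic, "severity": severity}

def scan(lines, own_domains):
    """Parse 'client url auth_scheme' lines and return findings above 'info'."""
    findings = []
    for line in lines:
        client, url, auth_scheme = line.split()
        result = classify(url, auth_scheme, own_domains)
        if result and result["severity"] != "info":
            findings.append({"client": client, **result})
    return findings

# Constructed sample records (hypothetical format: client, URL, Authorization scheme only).
SAMPLE_LOG = [
    "10.0.0.5 https://autodiscover.corp.example/Autodiscover/Autodiscover.xml NTLM",
    "10.0.0.7 http://autodiscover.example/Autodiscover/Autodiscover.xml Basic",
    "10.0.0.9 https://Autodiscover.uk/autodiscover/autodiscover.xml -",
    "10.0.0.9 https://www.example.org/index.html -",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, own_domains=["corp.example"]):
        print(finding)
```

The records carry only the Authorization scheme, never the header value, so the check itself does not copy credentials into yet another log.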