Microsoft's mail service Exchange is facing a serious vulnerability, security researchers warn.
Microsoft's troubles with cyber threats are not over. This time the company is facing a vulnerability in the Exchange email server: a design flaw in an Exchange feature can reportedly be exploited to collect Windows domain and application credentials.
Guardicore researchers, who published a report on the vulnerability, state that the problem lies in the Microsoft Autodiscover protocol. The protocol, which helps Exchange email servers deliver the appropriate configuration to their email clients, creates a vulnerability because of a design flaw.
Microsoft is investigating the allegations
The problem, caused by a design flaw in the protocol, begins when Autodiscover web requests are sent to Autodiscover domains outside the user's own domain. According to the researchers, attackers can then easily obtain credentials from those Autodiscover requests.
To test this bug, Guardicore Labs purchased multiple Autodiscover domains with TLD suffixes and pointed them at a web server under its control. The researchers who ran the tests said they found the results surprising and that they are facing a serious security problem.
In a four-month study by the security researchers, 96,671 unique credentials were obtained from Microsoft Outlook, mobile email clients, and other applications interfacing with Microsoft's Exchange server.
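A defender can check whether clients on their own network are reaching Autodiscover hosts outside the organization's domains. The following is an added example, not code from Guardicore or Microsoft; the log format, the owned domain `corp.example`, and all hostnames and addresses are constructed assumptions.

```python
# Flag proxy/DNS log entries where a client contacted an "autodiscover.*" host
# that does not sit under a domain the organization controls.

OWNED_DOMAINS = {"corp.example"}  # assumption: domains the organization owns

# Constructed sample log: "<timestamp> <client> <host> <path>"
SAMPLE_LOG = """\
2021-09-22T08:01:10Z 10.0.0.21 autodiscover.corp.example /autodiscover/autodiscover.xml
2021-09-22T08:01:11Z 10.0.0.21 autodiscover.example /autodiscover/autodiscover.xml
2021-09-22T08:02:40Z 10.0.0.35 AUTODISCOVER.EXAMPLE. /Autodiscover/Autodiscover.xml
2021-09-22T08:03:05Z 10.0.0.35 autodiscover.partner.example /autodiscover/autodiscover.xml
2021-09-22T08:04:00Z 10.0.0.40 www.corp.example /index.html
malformed line
"""

def normalize_host(host):
    # Hostnames are case-insensitive and may carry a trailing root dot.
    return host.strip().rstrip(".").lower()

def is_owned(host, owned):
    return any(host == d or host.endswith("." + d) for d in owned)

def classify(host, owned=OWNED_DOMAINS):
    """Return 'ignore', 'internal', 'external' or 'tld-level' for a hostname."""
    host = normalize_host(host)
    labels = host.split(".")
    if len(labels) < 2 or labels[0] != "autodiscover":
        return "ignore"
    if is_owned(host, owned):
        return "internal"
    # Two labels means autodiscover.<tld>: the kind of domain the researchers bought.
    return "tld-level" if len(labels) == 2 else "external"

def scan(log_text, owned=OWNED_DOMAINS):
    """Return (client, host, verdict) for every Autodiscover request leaving owned domains."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, host, _ = parts
        verdict = classify(host, owned)
        if verdict in ("tld-level", "external"):
            findings.append((client, normalize_host(host), verdict))
    return findings

if __name__ == "__main__":
    for client, host, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:10} {client:12} {host}")
```

Hosts flagged `external` may be legitimate (a hosted mail provider, for example) and need review; `tld-level` hits are the ones that match the domains described above.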
According to reports, Microsoft is investigating the allegations. If the claims about the vulnerability are true, the software giant is expected to act quickly.