Security researcher Amit Serper of Guardicore discovered a severe flaw in Microsoft autodiscover —the protocol which allows automagical configuration of an email account with only the address and password required. The flaw allows attackers who purchase domains named autodiscover—for example autodiscover.com, or autodiscover.co.uk—to intercept the clear text account credentials of users who are having network difficulty or whose admins incorrectly configured DNS. Guardicore purchased several...

Read the full article at Arstechnica

Wingeek Icon
More Windows News