An interesting and worthwhile interview (available on YouTube) with security researcher Amit Serper reveals a lot more detail about the Autodiscover credential leak reported by Guardicore last month. The interview (with three Office 365 MVPs) goes through the collection of leaked credentials, how Serper tried to reproduce the problem, and his interaction with Microsoft. It’s a real pity Serper didn’t include the information in his original report as it would have taken a lot of heat out of the situation.
Find articles about deploying, configuring and administering Microsoft Exchange Server for on-premises environments.
If you’ve migrated to Exchange Online, make sure you stop publishing your Exchange Servers to the internet. After a standard Hybrid migration, you still might be reliant on Exchange Server and in this article you can find out why and how to move remaining web services to Microsoft 365.
It’s often helpful when security researchers like Guardicore shed light on flaws in Microsoft Exchange – however, the Autodiscover protocol isn’t flawed in the way they describe. Even though the issue is hard to replicate, it shouldn’t distract from the work you need to do to protect your organization from the underlying reason why people want your credentials.
Lots of excitement was generated when Guardicore revealed a purported vulnerability with the Exchange Autodiscover service. However, the almost total lack of detail about the configuration used for testing and to generate the reported results makes it impossible for Exchange administrators to check the theory against their own deployment. I don’t think a problem exists with Exchange Online, but it’s possible that poor DNS practice or flawed third-party clients could cause an issue with on-premises servers. The case remains to be proved.
A new Exchange vulnerability has been disclosed this week known as ProxyToken that allows someone who can access an Exchange 2013, 2016 or 2019 server over HTTPS to perform configuration actions against mailboxes of their choosing, such as setting forwarding rules. Find out what you need to do to protect your organization.