Researchers say an Exchange Autodiscover bug can be used to obtain Windows users’ domain and app credentials; Microsoft is investigating (Catalin Cimpanu/The Record)

Catalin Cimpanu / The Record:
Researchers say an Exchange Autodiscover bug can be used to obtain Windows users’ domain and app credentials; Microsoft is investigating  —  Security researchers have discovered a design flaw in a feature of the Microsoft Exchange email server that can be abused to harvest Windows domain and app credentials from users across the world.