Microsoft Exchange’s Autodiscover protocol leaked approximately 100,000 login names and passwords for Windows domains worldwide as a result to an unpatched design flaw in the implementation.
The Exchange Audiodiscover service enables users to configure applications, such as Microsoft Outlook, with minimal user input. This allows a combination of email addresses and passwords to be utilized to retrieve other predefined settings required to set up their email clients.
Read more on the leak here.
