Ars Technica

Exchange 2010: External Autodiscover query returns internal server names

This is an organization with an existing OWA and ActiveSync deployment. There's no Outlook Anywhere, nor plans to deploy in the near future. However, we do need AutoDiscover to implement ...
CSOonline

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers.
Ars Technica

Autodiscover - returning different server names depending on primary SMTP domain?

Let's assume I have a single Exchange 2010 SP3 box configured to serve out activesync/owa on https://webmail.domain1.com which is set as the internal and external URL in EMC (split DNS config). And in ...
Threat Post

Exchange/Outlook Autodiscover Bug Spills 100K+ Email Passwords

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text. Guardicore security researcher Amit ...
Redmond Magazine

Microsoft Ending Autodiscover Authentications with Exchange Online

Microsoft is planning to turn off the ability to use Autodiscover to authenticate with Exchange Online for all tenancies, starting this year, according to a Wednesday announcement. This Autodiscover ...