Reply to post: It's worse than that, he's dead Jim, dead Jim, dead Jim

Story of the creds-leaking Exchange Autodiscover flaw – the one Microsoft wouldn't fix even after 5 years

Anonymous Coward

It's worse than that, he's dead Jim, dead Jim, dead Jim

(yes, you recognised it correctly :) ).

Just in case you didn't pick up on the gravity of this problem, remember that Microsoft uses the combination of email address and password as SSO - one ring to rule them all, so to speak. Once you have that combination you have in principle the keys to the kingdom and it's been handing those off to the well informed for five years now.

Christ what a mess - after this has been patched it's best to have just about everyone who uses Microsoft products change their password. And no, don't use that app idea, that smells too much like just a new way to track people.

Biting the hand that feeds IT © 1998–2022