
Mitigation for the new and outrageous autodiscover bug??

Posted: 23 Sep 2021, 13:49
by HasarangaWanindu
Besides blocking all autodiscover.* domains (how, exactly, do you do that with most systems remote?), what else can you do?

Is there any configuration to prevent the Outlook mail client from ever downgrading to basic authentication?

Is this vulnerability only an issue when a new Outlook profile is being configured or does autodiscover ever get used in the background?

Does the Outlook client ever send basic authentication automatically in the background or would the user need to proactively type their credentials into a prompt to be exploited?