Israeli cyber researchers discovered a flaw in a Microsoft protocol that enables users to access Microsoft products such as the Outlook email service. Amit Serper of cyber company Guardicore led the research into the flaw, which affects a large number of people and businesses around the world who use Microsoft products. The flaw leaks user names and passwords. Attackers could use the leaked data to spread within an organization during a cyberattack and, in certain cases, even to carry out the initial breach.
The problem originates in the way Microsoft designed the protocol to send names and passwords to domains automatically. The Guardicore Labs research team that located the flaw acquired a number of domains for receiving the data. Shortly afterwards, the domains started to receive names and passwords. Between April 16 and August 25, the researchers received more than 372,000 user names and passwords, including passwords leaked from various apps such as Microsoft Outlook. The findings show that passwords can be leaked from an organization by a legitimate service originally intended to streamline the organization's operations, without the IT or data security departments being aware of it.
The cyber researchers who uncovered the flaw have a series of international achievements in the field of data security to their name. Amit Serper, who previously served as a cyber researcher for the Israeli Prime Minister's Office, gained worldwide attention after becoming the first researcher to develop a vaccine against the "NotPetya" ransomware that attacked hundreds of organizations worldwide and caused damage estimated at more than $1 billion. In addition, he discovered a vaccine against the "Bad Rabbit" ransomware that hit infrastructure and transportation companies as well as airports in Russia, Ukraine and other countries. Serper was also among the leaders of research that uncovered a sophisticated attack against cellular service providers that went undiscovered for a number of years, an attack that exposed the data of millions of customers in order to conduct surveillance specifically of people in sensitive positions.
Guardicore, founded by Dror Sal'ee, Pavel Gurvich and Ariel Zeitlin, develops protection software for corporate cloud networks and internal servers for companies in the financial, e-commerce, and technology fields, as well as for educational organizations. The company employs 350 workers in development centers, sales and customer support in Israel, the U.S., Canada, Brazil, India, Mexico, Western Europe and Ukraine.
A spokesman for Microsoft said, "We are actively investigating and will take appropriate steps to protect customers."