Why has Microsoft been routing example.com traffic to a company in Japan?

Summary

Microsoft inadvertently routed traffic intended for the example.com domain to a Japanese company due to a misconfigured autodiscover feature. This resulted in the exposure of some users' test credentials. Microsoft is actively working to remediate the problem.

IFF Assessment

FOE

The exposure of credentials, even test credentials, is bad news for defenders as it can lead to further exploitation.

Severity

5.3 Medium (AI Estimated)

Defender Context

Defenders should monitor autodiscover configurations and network traffic for anomalies. This highlights the importance of proper configuration management and the need to prevent sensitive data, even test data, from being inadvertently exposed. Misconfigured services continue to be a common attack vector.
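
One way to act on the monitoring advice above, as an added example that is not part of the original page: it scans proxy log lines for Autodiscover requests sent to hosts outside the organisation's own domains and records whether an auth scheme accompanied them. The log format, the `corp.example` domain, the sample lines and all function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains this organisation controls and expects Autodiscover on.
OWNED_DOMAINS = {"corp.example"}

# Constructed proxy log lines: timestamp, client IP, method, URL, auth scheme sent.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z 10.0.0.5 POST https://autodiscover.corp.example/autodiscover/autodiscover.xml auth=negotiate
2025-01-01T09:00:07Z 10.0.0.9 POST https://autodiscover.example.com/autodiscover/autodiscover.xml auth=basic
2025-01-01T09:00:09Z 10.0.0.9 GET https://example.com/Autodiscover/Autodiscover.xml auth=none
2025-01-01T09:00:12Z 10.0.0.7 GET https://www.corp.example/index.html auth=none
malformed line
"""

def is_autodiscover(host, path):
    # Autodiscover lookups use an "autodiscover." host or an /autodiscover/ path.
    return host.startswith("autodiscover.") or path.lower().startswith("/autodiscover/")

def is_owned(host, owned):
    # True when the host is an owned domain or a subdomain of one.
    return any(host == d or host.endswith("." + d) for d in owned)

def find_stray_autodiscover(log_text, owned=OWNED_DOMAINS):
    """Return Autodiscover requests that left for hosts outside `owned`."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].startswith("auth="):
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url, auth = parts
        parsed = urlsplit(url)
        host = (parsed.hostname or "").lower()
        if not host or not is_autodiscover(host, parsed.path):
            continue
        if is_owned(host, owned):
            continue
        scheme = auth.split("=", 1)[1]
        findings.append({"time": ts, "client": client, "host": host,
                         "credentials_sent": scheme != "none"})
    return findings

if __name__ == "__main__":
    for finding in find_stray_autodiscover(SAMPLE_LOG):
        print(finding)
```

Findings with `credentials_sent` set are the ones to triage first, since they mean an account's credentials, test or otherwise, were offered to a host the organisation does not control.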
