Microsoft Autodiscover abused to collect web requests, credentials

Researchers were able to exploit a protocol design feature on a vast scale.