Researchers claim to have accessed hundreds of thousands of Windows credentials using a bug in the Autodiscover protocol.