An unpatched vulnerability in Microsoft Outlook Desktop could allow an attacker to set a persistent mail forwarder.
Trustwave has reported this vulnerability to Microsoft and the vendor’s response states that there is no fix and no timeline for a fix.
“There is an exploit method that can automatically forward CC’d emails to external addresses via Outlook desktop rules, even if the corporate Exchange server prevents this action,” Trustwave said.
To do so, the attacker needs backdoor access to the victim. From there, the attacker accesses Outlook desktop and creates a rule to add an external address to the Outlook contact list and a rule to copy outgoing messages to that address.
An insider could use the same vulnerability to pass information to others.
“It also allows legitimate, uncompromised account holders to bypass Exchange rules that prohibit emails from being auto-forwarded to external addresses,” said Trustwave.
“If an attack is discovered and the system is cleaned from the backdoor, the attacker will continue to receive sensitive emails in their inbox unless the IR team knows to check the CC rules,” Trustwave said.
“This issue cannot be resolved by existing means, such as setting up mail flow rules in Exchange.”
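For the rule check mentioned above, the following added example (not from Trustwave or Microsoft) lists Outlook desktop rules that CC, forward or redirect mail, and marks recipients outside the organisation. It assumes it runs in the affected user's Windows session with Outlook desktop installed and a profile configured; `$InternalDomains` holds a placeholder value to replace with your own SMTP domains.

```powershell
# Added example: audit Outlook desktop rules in the signed-in user's profile.
# Assumption: $InternalDomains lists your organisation's SMTP domains (placeholder).
$InternalDomains = @('example.com')

function Get-SmtpAddress($Recipient) {
    # Exchange recipients carry an X.500 address; resolve it to SMTP where possible.
    $entry = $Recipient.AddressEntry
    if ($entry -and $entry.Type -eq 'EX') {
        $user = $entry.GetExchangeUser()
        if ($user) { return $user.PrimarySmtpAddress }
    }
    return $Recipient.Address
}

function Test-External($Smtp) {
    # Unresolved or malformed addresses are flagged so they get a manual review.
    if (-not $Smtp -or $Smtp -notmatch '@') { return $true }
    $domain = ($Smtp -split '@')[-1].ToLower()
    return ($InternalDomains -notcontains $domain)
}

$outlook = New-Object -ComObject Outlook.Application
$session = $outlook.GetNamespace('MAPI')

$findings = foreach ($store in $session.Stores) {
    try { $rules = $store.GetRules() } catch { continue }   # store has no rule support
    foreach ($rule in $rules) {
        # Rule actions that send a copy of a message to someone else.
        foreach ($name in 'CC', 'Forward', 'ForwardAsAttachment', 'Redirect') {
            try { $action = $rule.Actions.$name } catch { continue }
            if (-not $action -or -not $action.Enabled) { continue }
            foreach ($rcpt in $action.Recipients) {
                $smtp = Get-SmtpAddress $rcpt
                [pscustomobject]@{
                    Store     = $store.DisplayName
                    Rule      = $rule.Name
                    Enabled   = $rule.Enabled
                    RuleType  = if ($rule.RuleType -eq 1) { 'Send' } else { 'Receive' }  # olRuleSend = 1
                    Action    = $name
                    Recipient = $smtp
                    External  = Test-External $smtp
                }
            }
        }
    }
}
$findings | Sort-Object External -Descending | Format-Table -AutoSize
```

Rows with `RuleType` of `Send`, `Action` of `CC` and `External` set to `True` match the behaviour described in this article; disabled rules are listed as well so they can be reviewed before removal.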
Researchers Say Outlook Forwarding Rules Can Bypass Corporate Blocks – Security