
Phishers Use Zero-Width Spaces to Bypass Office 365 Protections

posted on January 11, 2019
by l33tdawg

A recently addressed vulnerability in Office 365 allowed attackers to bypass existing phishing protections and deliver malicious messages to victims’ inboxes.

The issue, cloud security firm Avanan says, resided in the use of zero-width spaces (ZWSPs) in the middle of malicious URLs within the raw HTML of the emails. The inserted characters break up the URLs, so Microsoft’s systems did not recognize them as URLs and Safe Links could not protect users.

What’s more, these zero-width spaces don’t render, meaning that the recipient would not notice the random special characters in the URL. The first wave of emails abusing this vulnerability was observed on November 10, and Microsoft addressed the issue on January 9, Avanan’s security researchers say. The vulnerability apparently exposed all Office 365 users to phishing attacks, even those who were using Microsoft’s Office 365 Advanced Threat Protection. Both the URL reputation check and Safe Links protections were bypassed in the attack.
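
A defensive check for the behavior described above, as an added example that is not code from Avanan, Microsoft or the original article: it decodes each `href` in a message's raw HTML, strips invisible characters, and returns the normalized URL to pass to reputation checks along with a flag for links that were obfuscated. The function name `audit_links`, the sample HTML, and the set of invisible code points beyond the ZWSP are assumptions of this example.

```python
import html
import re

# Invisible code points to strip before URL analysis. The article names only
# zero-width spaces; the wider set (ZWNJ, ZWJ, word joiner, BOM) is an
# assumption of this example.
ZERO_WIDTH = "\u200b\u200c\u200d\u2060\ufeff"
ZW_RE = re.compile(f"[{ZERO_WIDTH}]")
HREF_RE = re.compile(r"""href\s*=\s*(["'])(.*?)\1""", re.IGNORECASE | re.DOTALL)


def audit_links(raw_html):
    """Return one finding per href: the raw attribute value, the normalized
    URL to hand to reputation checks, and whether invisible characters
    had been inserted into it."""
    findings = []
    for match in HREF_RE.finditer(raw_html):
        raw = match.group(2)
        # Decode entities first: the characters may be written as &#8203;
        # or &#x200B; in the raw HTML rather than as literal code points.
        decoded = html.unescape(raw).strip()
        normalized = ZW_RE.sub("", decoded)
        findings.append({
            "raw": raw,
            "normalized": normalized,
            "obfuscated": normalized != decoded,
        })
    return findings


# Constructed sample message body (not taken from a real email).
SAMPLE_HTML = (
    '<a href="https://login.&#8203;example.&#8203;test/&#x200B;verify">Review</a>'
    '<a href="https://intra\u200bnet.example.test/">Portal</a>'
    '<a href="https://www.example.test/help?a=1&amp;b=2">Help</a>'
)

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        flag = "SUSPICIOUS" if finding["obfuscated"] else "ok"
        print(f"{flag:10} {finding['normalized']}")
```

A legitimate link has no reason to carry zero-width characters inside its URL, so the `obfuscated` flag is useful as a detection signal on its own, independent of the reputation verdict for the normalized URL.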
