Ghost-Sender flaw in Exchange Online lets spoofed emails bypass security; Microsoft says customers must fix it themselves
By
Dr. Christopher Kunz
Summary
A configuration flaw in Microsoft Exchange Online, named "Ghost-Sender" by researchers, allows spoofed emails to bypass security protections. The issue occurs when external mail filtering services forward emails to Exchange Online, and Microsoft's security team has stated they will not fix it, placing responsibility on customers to configure their systems properly. Not all corporate customers are affected, and a verification service is available to check vulnerability.
Source
Key quotes
· 5 pulledA configuration error in Exchange Online, which security researchers have dubbed 'Ghost-Sender,' allows spammers and cybercriminals to bypass the provider's protective measures and send spoofed emails.
Microsoft's security department declared itself not responsible – customers must take care of it themselves.
If a company uses a service for mail filtering or other tasks and has registered it in the DNS as an MX record (Mail eXchange), all emails go there first.
After processing by the external service, it forwards the emails to Exchange Online (EXO) for delivery
Not all corporate customers of Microsoft's mail service are affected. A verification service provides clarity and shows the potential impact.
You might also wanna read
Ghost Phishing Unveils Security Gaps in Email Protection
New Ghost Phishing Wave Is Breaking Traditional Email Security
Microsoft Outlook.com Email Delivery Issues Block Legitimate Messages
Microsoft's Outlook.com email service experienced significant email delivery issues where legitimate emails were being rejected due to IP ad
Scammers exploit Microsoft account loophole to send spam from legitimate internal email address
Scammers have been exploiting a loophole in Microsoft's system to send spam emails from an internal Microsoft email address that is normally
Ask HN: Gmail spam filtering suddenly marking everything as spam?
Zendesk Security Flaw Enables Mass Email Bombing Attacks
Cybercriminals are exploiting a security vulnerability in Zendesk's customer service platform that allows them to send massive volumes of th

Comments
Sign in to join the conversation.
No comments yet. Be the first.