All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Ghost-Sender flaw in Exchange Online lets spoofed emails bypass security; Microsoft says customers must fix it themselves

By

Dr. Christopher Kunz

27d ago· 3 min readenNews

Summary

A configuration flaw in Microsoft Exchange Online, named "Ghost-Sender" by researchers, allows spoofed emails to bypass security protections. The issue occurs when external mail filtering services forward emails to Exchange Online, and Microsoft's security team has stated they will not fix it, placing responsibility on customers to configure their systems properly. Not all corporate customers are affected, and a verification service is available to check vulnerability.

Source

bskyGhost-Sender flaw in Exchange Online lets spoofed emails bypass security; Microsoft says customers must fix it themselvesheise.de

Key quotes

· 5 pulled
A configuration error in Exchange Online, which security researchers have dubbed 'Ghost-Sender,' allows spammers and cybercriminals to bypass the provider's protective measures and send spoofed emails.
Microsoft's security department declared itself not responsible – customers must take care of it themselves.
If a company uses a service for mail filtering or other tasks and has registered it in the DNS as an MX record (Mail eXchange), all emails go there first.
After processing by the external service, it forwards the emails to Exchange Online (EXO) for delivery
Not all corporate customers of Microsoft's mail service are affected. A verification service provides clarity and shows the potential impact.
Snippet from the RSS feed
Not all corporate customers of Microsoft's mail service are affected. A verification service provides clarity and shows the potential impact.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.