A new high-severity Microsoft Exchange Server flaw, tracked as CVE-2024-49040, lets threat actors spoof the sender address shown on emails. The vulnerability affects Exchange Server 2016 and Exchange Server 2019.
The researchers who found the bug had already reported it to Microsoft earlier this year. Their assessment showed that different SMTP servers interpret the sender address in the From header differently, and that disagreement is what makes the spoofing possible.
The researchers also found that some email providers accept group names containing the characters < and >, which the RFC does not allow, and they reported that they had not found a single mail provider that parses the From field exactly as the RFC specifies. Because each implementation picks a different part of an ambiguous header as "the sender", a crafted header can show a trusted address to the recipient while the message actually comes from another mailbox, which is why unsuspecting users have no easy way to spot the trick.
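The parsing disagreement described above, as an added example that is not code from the article, from the researchers or from Microsoft: a lenient "first address-looking token" extractor of the kind a client or gateway might use is compared with Python's structured RFC 5322 parser on a few constructed From headers, and a small check flags the patterns the research describes (an address or angle brackets inside the display name, group syntax, more than one mailbox). The sample headers are constructed for this example and the domains trusted.example and evil.example are placeholders.

```python
"""
Added example: compare a lenient sender extractor with the stdlib RFC 5322 parser
on ambiguous From headers, and flag the patterns that enable sender spoofing.
Not code from the article, the researchers or Microsoft; the sample headers are
constructed and trusted.example / evil.example are placeholder domains.
"""
import email
import re
from email import policy

# Lenient extractor: the shortcut a client or gateway might take when
# "finding" the sender in a raw header (first thing that looks like an address).
_ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def naive_sender(header_value):
    """Return the first address-looking token in the raw header, or None."""
    m = _ADDR_RE.search(header_value)
    return m.group(0) if m else None


def parse_from(header_value):
    """Parse the header with the stdlib RFC 5322 parser (email.policy.default).

    Returns (display_names, addr_specs, uses_group_syntax), with one entry per
    mailbox in the order the parser found them.
    """
    msg = email.message_from_string(f"From: {header_value}\r\n\r\n", policy=policy.default)
    hdr = msg["From"]
    names = [a.display_name for a in hdr.addresses]
    addrs = [a.addr_spec for a in hdr.addresses]
    # Mailboxes that are not inside a group appear as Groups whose display_name is None.
    uses_group = any(g.display_name is not None for g in hdr.groups)
    return names, addrs, uses_group


DISPLAY_NAME_HAS_AT = "display name contains @"
DISPLAY_NAME_HAS_ANGLE = "display name contains < or >"
GROUP_SYNTAX = "From uses group syntax"
NOT_ONE_MAILBOX = "From does not contain exactly one mailbox"
PARSERS_DISAGREE = "lenient and strict parsers disagree on the sender"


def flag_suspicious(header_value):
    """Return the reasons a From header should be treated as a spoofing attempt.

    An empty list means the header is unambiguous. A gateway would stamp a header
    or prepend a banner on a non-empty result; here the reasons are returned so
    the caller can decide what to do.
    """
    names, addrs, uses_group = parse_from(header_value)
    reasons = []
    if any("@" in n for n in names):
        reasons.append(DISPLAY_NAME_HAS_AT)
    if any("<" in n or ">" in n for n in names):
        reasons.append(DISPLAY_NAME_HAS_ANGLE)
    if uses_group:
        reasons.append(GROUP_SYNTAX)
    if len(addrs) != 1:
        reasons.append(NOT_ONE_MAILBOX)
    if addrs and naive_sender(header_value) != addrs[0]:
        reasons.append(PARSERS_DISAGREE)
    return reasons


# Constructed sample headers (not captured traffic).
SAMPLE_HEADERS = [
    "Alice <alice@trusted.example>",
    '"alice@trusted.example" <attacker@evil.example>',
    '"<alice@trusted.example>" <attacker@evil.example>',
    "Team: alice@trusted.example, bob@evil.example;",
]


def report(headers=SAMPLE_HEADERS):
    """Map each header to (lenient sender, strict addr_specs, reasons)."""
    return {h: (naive_sender(h), parse_from(h)[1], flag_suspicious(h)) for h in headers}


if __name__ == "__main__":
    for h, (lenient, strict, reasons) in report().items():
        print(f"{h!r}\n  lenient: {lenient}\n  strict:  {strict}\n  flags:   {reasons or 'none'}")
```

The second and third samples are the interesting ones: the lenient extractor reports alice@trusted.example as the sender, while the structured parser says the only real mailbox is attacker@evil.example and that the trusted address is merely the display name. Any pipeline that shows or trusts the lenient answer is spoofable, which is why a gateway check has to flag the ambiguity itself rather than pick one interpretation.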
Microsoft has warned that the vulnerability may be used in spoofing attacks against Exchange servers and said that updates would ship with this month's Patch Tuesday, including exploitation detection and warning banners.
The newly discovered Exchange Server flaw has prompted Microsoft to add a warning about potential exploitation.
Microsoft explained that, once the security update released earlier this month is installed, Exchange will recognise emails that carry these malformed headers and prepend a warning to them. The update does not change how Exchange handles the headers themselves: servers still accept and deliver emails with non-compliant From headers, so the change is detection and labelling, not a rejection of the messages.
Exploitation detection and email warnings are enabled by default on all servers where administrators have turned on the secure by default settings. Updated Exchange servers also stamp any email they identify as having a spoofed sender with an X-MS-Exchange-P2FromRegexMatch header and add a warning to the message body, so that administrators who want to reject phishing emails exploiting this vulnerability can do so with custom mail flow rules keyed on that header.
The warning is a red-flag notice that the email appears to be spoofed. It tells the user not to trust the email's content, links or attachments unless the source has been confirmed through a reliable channel.
Exchange Server users should therefore be aware of this technique and look for Microsoft's notice before opening or enabling any content from a suspicious email, and should stay vigilant with attachments and links in general. Administrators should keep in mind that the update flags these messages rather than blocking them; if the organisation wants them rejected, that still has to be configured through a mail flow rule.