1. Forum
  2. Usenet
  3. NEWS.ADMIN.NET-ABUSE.EMAI

  • eMail news: Misconfigurations in Microsoft Exchange open new doors to e

    From Randolf Richardson =?UTF-8?B?5by15p@21:1/5 to All on Wed Sep 4 16:10:25 2024
    Misconfigured DMARC settings leave users and third-party emails
    exposed...

    A new report from the Acronis Threat Research Unit has uncovered
    a vulnerability in Microsoft Exchange Online settings that could
    enable email spoofing attacks.

    This issue primarily affects users with a hybrid configuration
    of on-premises Exchange and Exchange Online, and those utilizing
    third-party email security solutions.

    In July 2023, Microsoft introduced a major change in how it
    handles DMARC (Domain-based Message Authentication, Reporting,
    and Conformance) within Microsoft Exchange. This update was
    intended to bolster security by enhancing how email servers
    verify incoming emails' legitimacy. Unfortunately, despite clear
    guidance from Microsoft, a considerable number of users have yet
    to implement these security measures, leaving their systems
    vulnerable to various cyber threats, particularly email
    spoofing.

    === How misconfiguration leads to vulnerabilities ===

    Microsoft Exchange Online can be used as a mail server without
    the need for on-premises Exchange servers or third-party anti-
    spam solutions. However, vulnerabilities arise when Exchange
    Online is used in hybrid environments - where on-premises
    Exchange servers communicate with Exchange Online via
    connectors - or when a third-party MX server is involved.

    Email remains a key target for cybercriminals, and this is why
    robust security protocols are essential to protect against
    spoofing. Three critical protocols have been developed for this
    purpose: Sender Policy Framework (SPF) checks whether a mail
    server is authorized to send email on behalf of a domain using
    DNS records; DomainKeys Identified Mail (DKIM) allows emails to
    be digitally signed, verifying that they originate from an
    authorized server and ... [snip]

    [remaining content accessible in linked article...]

    Article source: https://www.techradar.com/pro/misconfigurations-in-microsoft-exchange-open-new-doors-to-email-spoofing-attacks-here-s-how-it-works

    --
    Randolf Richardson 張文道, CNA - noc@inter-corporate.com
    Inter-Corporate Computer & Network Services, Inc.
    Beautiful British Columbia, Canada
    https://www.inter-corporate.com/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)