VULNERABILITY – OFFICE 365 ZWSP DETECTION

Earlier this month, security researchers at Avanan discovered a new zero-width space (ZWSP) vulnerability that was confirmed to have affected Office 365 environments between November 10th, 2018 until January 9th, 2019. ZWSP strings are non-printing Unicode characters normally used to do benign things, such as for enabling line wrapping in long words. However, with this vulnerability attackers used ZWSP strings such as ​ to break up malicious URLs in order to avoid detection by security measures. In the case of Office 365, this technique allowed malicious URLs to completely bypass the security checks of both Office 365 EOP and Office 365 ATP.

Normally, Office 365 security checks would have successfully examined and detected a malicious URL string sent to a user via email. Subsequently, any user clicking a malicious embedded link would be redirected to a red Microsoft security splash page alerting the user to the potential risks of proceeding to the associated webpage. However, by using the ZWSP vulnerability a user would be able to open the raw HTML of an email and then modify a malicious URL such as “www.verybadstuff.com” to become “www​.verybadstuff​.com”, completely bypassing the Office 365 security checks.

While this vulnerability has since been fixed by Microsoft, Avanan reported over 90% of their client base had been hit with attempted phishing emails that utilized this vulnerability. Moving forward we expect to see similar vulnerabilities to bypass security filters for URLs. Nonetheless, we were impressed with the relative ease of executing this particular vulnerability. Below we have listed some steps to help safeguard your users.

Proficio Threat Intelligence Recommendations:

  • Regularly conduct phishing awareness training.
  • Perform checks for this vulnerability when performing internal audits.
  • Ensure Microsoft systems have been updated with the latest patches.

Avanan Security Blog – Click Here

Vulnerability Demo Video – Click Here

Recent Blog Posts

Stay Ahead ofEvolving Threats

Signup for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.

REQUEST A DEMO

Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.