Forum Discussion
Ropemaker exploits - Outlook / EOP
I was wondering if Outlook client blocks external css in HTML emails or Does EOP stipe out external css (link tag) from HTML emails ?. This is to protect inboxes from Ropemaker exploits. Whilst ATP's safelink can provide protection against malicious links and attachment, i was wondering if we have any other option to block external CSS in HTML emails in O365/EXO.
Thanks.
1 Reply
Microsoft doesn't consider this situation to be an actual https://msdn.microsoft.com/en-us/library/cc751383.aspx according to the response from the original advisory. So you may not get a definitive response but I think we can be reasonably certain if the situation changes and this is used by actors to attack customers, Microsoft will respond and protect or mitigate this threat.
