Forum Discussion

CayetanoFrai's avatar
CayetanoFrai
Copper Contributor
Jun 02, 2022

Vulnerability in email validation processes, by Microsoft.

I guess I have detected a security breach in yourprocessof file análisis.

Whensomeonesends an email toan Azure or Office 365 email account, this email is validated by a computer whichan alyzesif there are attached files and ifthey can be malicious.

 

The computerinchargeofvalidatingtheattachments,putthe files inmemoryto revise theprocesses and in thatmoment a malicious program couldtake control ofthe Microsoft computer where thevalidation is being performed.

 

An Attacker can send an email to the client which includes a link to “Mega.io”. This link includes a monitoring program for computers and opens an inverse shell. In the computer to validation Microsoft.

Does anyone know something?. Or you can help, to report.

 

No RepliesBe the first to reply

Resources