05-09-2018 , 12:21 AM
Quote:A new zero-day vulnerability known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts.
Discovered last week, on May 1, 2018, by security researchers from Avanan, baseStriker is a flaw in how Office 365 servers scan incoming emails.
The HTML tag at the center of baseStriker
At the center of this vulnerability is the <base> HTML tag. This is a seldom-used tag, but developers declare it in the <head> section of an HTML document (web page), and its purpose is to establish a base URL for relative links.
For example, a website might declare a base URL like this:
Code: <base href="https://www.example.com" />
Once declared, developers can include links to content hosted on the base URL without typing the whole thing, like so:
Code: <img src="/images/slider/photo-1.png" />
Under the hood, the HTML rendering engine (usually a browser) will merge the base URL with the relative path and come up with:
Code: https://www.example.com/images/slider/photo-1.png
Office 365 doesn't support the "base" HTML tag
The problem, according to Avanan, is that Office 365's security systems don't appear to support base URLs.
An attacker can simply send out a rich-text-formatted email with the following structure and Office 365 won't be able to scan and detect any malware hosted on the URLs.
Read the article:
HERE