E-mails are still an attack surface in 2022. Basic scam campaigns have mostly declined, but threat actors are still looking for vulnerabilities that let them reach their targets through e-mail. Naturally, Outlook, one of the most widely used e-mail clients in the world, is heavily scrutinised for flaws by threat actors. Here is the newest one.
Attacking Windows users from Macs
Because of a bug in the Outlook for Mac client, e-mail hyperlinks are translated incorrectly. The incorrect translation lets an attacker deliver malicious links to targets without being caught by e-mail security systems. Here is how it happens:
- An e-mail sent from Outlook for Mac contains a link whose visible text is http://trustedexamplesite.com
- The link's hyperlink target is file:///maliciousexamplesite.com
- Outlook translates the hyperlink to file:///trustedexamplesite.com
- When the Outlook for Windows user clicks the link, it is automatically converted to the HTTP form http://maliciousexamplesite.com
Once these steps are complete, threat actors can do a variety of things, such as directing users to fake websites. The vulnerability is tracked as CVE-2020-0696 and has been patched by Microsoft via an automatic update, but users who are not running up-to-date Outlook clients may still be at risk.
Trustwave, the security company that found the vulnerability, stated that it had observed attacks using this method. After the company informed Microsoft of the flaw, it was patched in February 2020. However, the patch did not cover every variant of the attack: threat actors could still reproduce it using a hyperlink such as http:/://maliciousexamplesite.com. This second method was patched in the summer of 2021.
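Both variants described above share a detectable shape: the visible link text names one host while the hyperlink target names another, and the target uses either a non-web scheme (file:) or a malformed scheme separator (http:/://). The following is an added example, not code from the article or from Trustwave or Microsoft, showing how a mail-filtering step could flag such anchors in an HTML body. The sample message, the host names and the function names (audit_links, link_host, text_host, suspicious_links) are all constructed for illustration; it uses only the Python standard library.

```python
"""Flag hyperlinks in an HTML mail body whose visible text and target disagree.

Added example for this article; not the vendor's code. Heuristics are based
on the two variants the article describes (file:/// targets and http:/://
separators) and are an assumption about how such mail might be filtered.
"""
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Schemes a mail client is expected to open directly; anything else is flagged.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# A scheme followed by slashes and then another colon, e.g. "http:/://host".
# "http://host:8080" does not match because the host comes before the colon.
MALFORMED_SEPARATOR = re.compile(r"^[a-z][a-z0-9+.\-]*:/*:/*", re.I)

# Visible text that looks like a URL or bare domain; group 1 is the host.
URL_LIKE = re.compile(
    r"^(?:[a-z][a-z0-9+.\-]*://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?$",
    re.I,
)


def _strip_www(host: str) -> str:
    return host[4:] if host.startswith("www.") else host


def link_host(url: str) -> str:
    """Best-effort host a client may end up contacting for this hyperlink.

    For well-formed http(s) URLs this is the authority. For file: URLs and
    malformed separators there is no authority, so take the first path
    segment after stripping '/' and ':' debris; that is where the article's
    examples place the attacker-controlled host name.
    """
    parts = urlsplit(url.strip())
    if parts.netloc:
        return _strip_www(parts.hostname or "")
    first = re.split(r"[/?#]", parts.path.lstrip("/:"), maxsplit=1)[0]
    return _strip_www(first.lower())


def text_host(text: str) -> str | None:
    """Host named by the visible link text, or None if the text is not a URL."""
    m = URL_LIKE.match(text.strip())
    return _strip_www(m.group(1).lower()) if m else None


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html: str) -> list[dict]:
    """Return one finding per anchor; 'reasons' is empty for links that look benign."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        scheme = urlsplit(href).scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            reasons.append(f"scheme {scheme!r} is not http/https/mailto")
        if MALFORMED_SEPARATOR.match(href):
            reasons.append("malformed scheme separator")
        shown, target = text_host(text), link_host(href)
        if shown and target and shown != target:
            reasons.append(f"text shows {shown} but target is {target}")
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample mail body reproducing the article's two variants plus two benign links.
SAMPLE_MAIL = """
<p>Please review your account:</p>
<a href="file:///maliciousexamplesite.com">http://trustedexamplesite.com</a><br>
<a href="http:/://maliciousexamplesite.com">http://trustedexamplesite.com</a><br>
<a href="https://trustedexamplesite.com/login">https://trustedexamplesite.com</a><br>
<a href="https://trustedexamplesite.com/help">Help centre</a>
"""


def suspicious_links(html: str = SAMPLE_MAIL) -> list[dict]:
    """Only the anchors that triggered at least one heuristic."""
    return [f for f in audit_links(html) if f["reasons"]]


if __name__ == "__main__":
    for finding in suspicious_links():
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

The text/target comparison is the part that survives client-side fixes: whatever a patched Outlook does with file:/// or http:/://, a message whose visible URL and actual target name different hosts is worth quarantining or at least rewriting before delivery, and a gateway can apply that check regardless of which client version the recipient runs.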
This shows the importance of keeping Office programs, especially Outlook, up to date. And we must still be cautious about links in e-mails.