ShortRead: A suspicious email sent to Outlook users can take control of the user's system. Microsoft has released a patch for the issue, but several users remain vulnerable.
This bug was discovered by security researcher Haifei Li, who named it BadWinmail. His technical report suggested the vulnerability was very easy to exploit and doesn't require much interaction from the Outlook user.
The user only needs to view an email that contains a malicious Flash file; once the user has viewed it, the attacker is through.
Flash: the main culprit!
The main problem is Flash, which already has several known issues and is supported via Object Linking and Embedding (OLE), which allows any type of embedding inside Office documents. With Flash vulnerable and a flaw in Outlook's sandboxing system, this had to happen.
Once a user opens the malicious email, the OLE mechanism loads the Flash file inside the email for the user's preview. Here the vulnerability in the security sandboxing system is exploited and the user gets infected by the malicious Flash file attached to the mail; the user is not required to download it.
It gets worse
What's worse about this BadWinmail attack is that it allows attackers to install more malicious material on the user's system. According to the researcher:
“It’s also a wormable issue rarely seen on Windows platform nowadays.”
This type of attack is popular with APT groups or cyber-espionage agencies that are focused on smaller, individual targets. So it is important for all Outlook users to install the security patch Microsoft sent out on 9th of December to keep their systems secure.