Darkreading
Microsoft Exchange 'Ghost-Sender' Flaw Enables Widespread Email Spoofing
A newly identified vulnerability in Microsoft Exchange, termed 'Ghost-Sender', allows attackers to spoof any email address, bypassing standard email authentication controls. This flaw affects organizations using Exchange Online or hybrid configurations with third-party mail servers, enabling forged messages to be delivered directly to users' inboxes. Swiss cybersecurity firm InfoGuard reported that this misconfiguration is widespread, with fewer than half of affected organizations applying mitigations. Attackers can impersonate internal and external email addresses, raising the risk of phishing and fraud. Microsoft has acknowledged the issue, with indications that it is being actively exploited. Mitigations include setting up partner organization connectors or creating specific mail flow rules. InfoGuard has also developed a testing tool to help organizations identify vulnerabilities in their configurations.
Key Points:
• The 'Ghost-Sender' flaw allows email spoofing from any address in Microsoft Exchange environments.
• Less than 50% of organizations with vulnerable configurations have applied mitigations.
• Mitigations involve setting up connectors or mail flow rules to prevent spoofing.