Among the vulnerabilities highlighted by Microsoft on the latest Patch Tuesday, November 12, was CVE-2024-49040 in Exchange. Exploiting it allows an attacker to create emails that are displayed in the victim's interface with a completely legitimate sender address. It would seem that the vulnerability was fixed, but, as it turned out, on November 14 Microsoft temporarily suspended distribution of the updates for Exchange Server. In the meantime, we've already observed attempts to exploit this vulnerability. So far the cases have been isolated: it looks like someone is testing the proof of concept. That's why we at Kaspersky's Content Filtering Methods Research Department have added to all our email security solutions a method for detecting attempts to use CVE-2024-49040 for spoofing.
What's the problem with the CVE-2024-49040 vulnerability?
CVE-2024-49040 is a vulnerability with a CVSS rating of 7.5 that is relevant for Exchange Server 2019 and Exchange Server 2016 and is classified as "important". Its essence lies in an incorrectly formulated P2 FROM header processing policy. An attacker can use it to make this header contain two email addresses: the real one, which is hidden from the victim, and the legitimate one, which is shown to the victim. As a result, Microsoft Exchange correctly checks the sender's address, but shows the recipient a completely different one that doesn't look suspicious to the user (for example, an internal address of an employee of the same company).
With the November 12 patch, Microsoft added a new feature that detects P2 FROM headers that don't comply with the RFC 5322 internet message format standard, and that should have fixed the situation. However, according to a post on the Microsoft blog, some users began to have problems with Transport rules, which sometimes stopped working after installing the update. Therefore, distribution of the update was suspended and will be resumed after it is re-released.
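As an added illustration of the compliance check described above (not Microsoft's detection feature and not Kaspersky's rule), the following sketch flags a From header that is not a single RFC 5322 mailbox or that carries more than one address-like string. The grammar is a simplified assumption (no comments, groups, domain literals or obsolete syntax), the function names are hypothetical, and the sample messages are constructed.

```python
import re
from email import message_from_string

# Simplified RFC 5322 grammar (assumption: no comments, groups,
# domain literals or obsolete syntax).
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
ADDR_SPEC = rf"{DOT_ATOM}@{DOT_ATOM}"
WORD = rf'(?:{ATEXT}+|"(?:[^"\\\r\n]|\\.)*")'
PHRASE = rf"{WORD}(?:\s+{WORD})*"
# mailbox = [display-name] "<" addr-spec ">"  /  addr-spec
MAILBOX = re.compile(rf"\s*(?:(?:{PHRASE}\s*)?<{ADDR_SPEC}>|{ADDR_SPEC})\s*")
ADDR_LIKE = re.compile(ADDR_SPEC)


def check_from(value):
    """Return the reasons a From header value looks suspicious."""
    reasons = []
    if not MAILBOX.fullmatch(value):
        reasons.append("not-single-mailbox")
    # Two address-like strings: the one that gets checked may differ
    # from the one a mail client displays to the recipient.
    if len(ADDR_LIKE.findall(value)) > 1:
        reasons.append("multiple-addresses")
    return reasons


def scan_message(raw):
    """Check the From header of a raw message (hypothetical helper)."""
    values = message_from_string(raw).get_all("From", [])
    if len(values) != 1:
        return ["from-header-count"]
    return check_from(values[0])


# Constructed sample messages, not taken from real traffic.
SAMPLES = {
    "clean": "From: Alice Smith <alice@corp.example>\nSubject: hi\n\nbody\n",
    "two_addresses": "From: alice@corp.example <mallory@other.example>\n"
                     "Subject: hi\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, scan_message(raw) or "ok")
```

A legitimate multi-author From header (a mailbox list) is also reported as `not-single-mailbox`, so route such hits to review rather than rejecting them outright.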
How to stay safe
To prevent your company's employees from being misled by exploitation of CVE-2024-49040, we've added a rule for detecting attempts to exploit it to all relevant solutions that are used to protect corporate mail. It works in Kaspersky Security for Microsoft Exchange Server, Kaspersky Security for Linux Mail Server, and Kaspersky Secure Mail Gateway.