Microsoft is in the spotlight once again. SC Magazine UK has just reported that a problem concerning the Advanced Threat Protection module has been unveiled. The problem exists within the Safe Links component of the product. It allows malicious URLs to pass through the premium email protection utility.
Microsoft has been alarmed about the vulnerability but apparently hasn’t done anything to fix it. At least that’s what SC’s investigation indicates. Read on to learn the whole story.
How Does Advanced Threat Protection Work?
Read from the source: https://products.office.com/en-us/exchange/online-email-threat-protection
As visible, the enterprise users of Office 365 can pay an additional fee so that they can use the ATP service. The service itself has two components:
- Safe Attachments – designed to analyze the attachments.
- Safe Links – designed to provide real-time protection when opening an URL.
Basically, the Safe Links component rewrites URL links to transmit the HTTP request through MS’s servers. Once the user clicks on the link, MS goes through the web page to check for malware before authorizing the URL. The user should receive a warning in case the web site is blocked or malware-contaminated.
What’s Not Right with ATP’s Safe Links
An IT professional has reached out to SC Magazine and has told them that he had issued a complaint to MS in September. According to his own experience with ATP’s Safe Links, the component wasn’t functioning properly in all instances. As he disclosed the vulnerability to MS, he expected it to be fixed sooner rather than not at all. Microsoft admitted to the problem (malicious links passing through the ATP) and had to sort it out by September 4.
Since the vulnerability is not yet addressed officially, the IT professional didn’t want specific details of it being released to the public.
This is what he told SC Magazine:
“Microsoft has admitted they need to recode. When you pay extra for ATP and Safe Links, you don’t expect this. Safe Links is designed to protect you against what I call the Jamie Oliver exploit: a link that looks clean when it goes through the email server today could direct you to a website with malware tomorrow.”
The media has asked Microsoft for a statement. However, a statement wasn’t received at the time of their article’s publication.