By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Cross-Site Scripting: The Real WordPress Supervillain
    Cross-Site Scripting: The Real WordPress Supervillain
    12 months ago
    Hackers targeting your smartphone
    12 months ago
    Improved Version of CTB-Locker (Onion Ransomware) Emerges
    12 months ago
    Latest News
    Two privilege escalation vulnerability in Simple Membership Plugin
    11 hours ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)
    7 days ago
    Exploring Winrar Vulnerability (CVE-2023-38831) | McAfee Blog
    1 week ago
    Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Cloudflare Notification about increase in ransom DDoS threats
    12 months ago
    Windows 11 build 25169 outs with new features
    12 months ago
    How to enable Bluetooth on Windows 11
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    7 months ago
    Now you can speed up any video in your browser
    7 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    8 months ago
  • How To
    How ToShow More
    How to get the latest Windows 11 innovations
    14 hours ago
    Dynamic Lighting is now available on Windows 11
    14 hours ago
    Writing poems using LLama 2 on Workers AI
    Writing poems using LLama 2 on Workers AI
    14 hours ago
    serverless GPU-powered inference on Cloudflare’s global network
    serverless GPU-powered inference on Cloudflare’s global network
    14 hours ago
    You can now use WebGPU in Cloudflare Workers
    You can now use WebGPU in Cloudflare Workers
    14 hours ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    How to personalize news in Google Discover?
    11 months ago
    How to make a surveillance camera out of your smartphone
    11 months ago
    Top 5 signs you're being bugged and how to fix it
    11 months ago
    Latest News
    How to install September 2023 update with 23H2 features for Windows 11
    19 hours ago
    How to uninstall September update (KB5030310) from Windows 11
    19 hours ago
    How to remove the quiet mode icon in the corner of the iPhone 15 screen ProiPhone 15 Pro and iPhone
    2 days ago
    Sberbank has figured out how to effectively catch scammers – it will listen to everything you
    2 days ago
  • Glossary
  • My Bookmarks
Reading: BadWinmail: How your PC can be infected with just one email you didn’t actually open
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
AppsWordpress Threats

BadWinmail: How your PC can be infected with just one email you didn’t actually open

Vitus White
Last updated: 13 October
Vitus White 12 months ago
Share
5 Min Read

We’ve told you this time and time again: never click suspicious links, never open files received from unknown sources, always delete mail from untrusted senders. While all of these pieces of advices are good, they can’t help you if you’re using Outlook as those precautions won’t protect you from the BadWinmail vulnerability. You don’t need to click or open anything to become infected. You just receive one email – and that’s it. In fact, you don’t even need to open this email.

How your PC can be infected with just one email you didn't actually read

How’s that possible?

If you’re familiar with Microsoft Office, you probably know that objects can be embedded in MS Office files. Not any objects, but the list is quite long. This is called OLE technology, or Object Linking and Embedding.

Logo for #BadWinMail ? pic.twitter.com/gP45Iq3ShE

— Erlend Oftedal (@webtonull) December 16, 2015

It turned out, that this technology works not only in DOC, XLS and so on, but in Outlook email as well. It also turned out, that the above mentioned objects list besides generic MS Office stuff, includes such cool things as Adobe Flash objects.

Do you know why cybercriminals love Flash so much? Because there are lots of vulnerabilities in Flash. Some of these bugs are zero-days, which means they’re unpatched. These vulnerabilities can be exploited to do some things to your PC you definitely won’t like.

Adobe Patches 23 Critical Vulnerabilities in Flash Player: https://t.co/ON2iKYKk5f via @threatpost pic.twitter.com/29dRbc5KTI

— Kaspersky Lab (@kaspersky) September 21, 2015

It is a well known issue, and in order to fight it, most developers do the same simple thing: they allow Flash content to be run in their software (for example, browsers) only in so-called ‘sandboxes’. Malicious code can do anything inside these sandboxes, even start some fancy cyber-apocalypse.

But the idea is, that it can’t escape the sandbox and thus won’t affect anything outside it, so your files won’t be corrupted. Well, at least it is designed to be like that — sometimes this trick doesn’t work, but that is another story for another day. It is definitely not the case here.

If you’re waiting for the third ‘it turned out,’ here you go. It turned out, that Outlook doesn’t use these type of sandboxes trick for potentially dangerous objects and runs everything in normal mode. It means that malicious code in embedded objects can act like any other software you installed on your PC.

What is #BadWinmail vulnerability and why it is really bad

Tweet

The problem does not end with those three tidbits of bad news. Outlook is so obliging that it opens the newest email before you do it. Thus if malicious email with BadWinmail exploit attached is the newest in your Inbox, it is executed immediately when you start the Outlook.

Haifei Li, security researcher who has discovered the bug, created proof of concept of a possible attack exploiting the BadWinmail vulnerability, as he called it. He describes it in surprisingly simple words in his research.

He even created this relatively short video, which perfectly explains the core idea of how this vulnerability actually works:

Special Report: #BadWinmail – The “Enterprise Killer” Attack Vector in #Microsoft #Outlook
https://t.co/pOTNIh6bQs. https://t.co/BaDEBZXCSm.

— Haifei Li (@HaifeiLi) December 15, 2015

To understand why it is really bad, just imagine some bad guy who instead of opening harmless Calculator app runs ransomware on your PC.

The good news is Haifei Li had reported this bug to Microsoft and the company fixed this issue on December 8. The bad news is, people who are not used to updating their software quickly still have this vulnerability. And many of them will have it for weeks, months, or even years.

#IT #Tip Disable the “remind me later” button to ensure critical updates installed https://t.co/jVKXcJ1vWm #infosec pic.twitter.com/KNnlnjk0Ej

— Kaspersky Lab (@kaspersky) November 5, 2015

Since the report was published openly, lots of cyber-criminals will definitely try to use this vulnerability to infect thousands or even millions of PCs through this. And if you have ever wondered, is it really so important to always update all your software immediately and to use security software, I guess, now you have new good reasons to answer this question in the affirmative.


Source: kaspersky.com

Translate this article

TAGGED: Microsoft, Microsoft Office, RC4, Sandbox Escape, Security, Software, Threats, Vulnerabilities
Vitus White October 13, 2022 October 7, 2022
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Two privilege escalation vulnerability in Simple Membership Plugin
Two privilege escalation vulnerability in Simple Membership Plugin
Wordpress Threats 14 hours ago
How to get the latest Windows 11 innovations
Windows 14 hours ago
Dynamic Lighting is now available on Windows 11
Windows 14 hours ago
Writing poems using LLama 2 on Workers AI
Writing poems using LLama 2 on Workers AI
Apps 14 hours ago
serverless GPU-powered inference on Cloudflare’s global network
serverless GPU-powered inference on Cloudflare’s global network
Apps 14 hours ago

You Might Also Like

Two privilege escalation vulnerability in Simple Membership Plugin
Wordpress Threats

Two privilege escalation vulnerability in Simple Membership Plugin

14 hours ago
Windows

How to get the latest Windows 11 innovations

14 hours ago
Writing poems using LLama 2 on Workers AI
Apps

Writing poems using LLama 2 on Workers AI

14 hours ago
serverless GPU-powered inference on Cloudflare’s global network
Apps

serverless GPU-powered inference on Cloudflare’s global network

14 hours ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
Critical Vulnerability in Forminator Plugin
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme
How to download Windows 11 22H2 ISO after 23H2 releases
Previous Next

10 New Stories

You can now use WebGPU in Cloudflare Workers
How to install September 2023 update with 23H2 features for Windows 11
How to uninstall September update (KB5030310) from Windows 11
Traffic anomalies and notifications with Cloudflare Radar
Sippy helps you avoid egress fees while incrementally migrating data from S3 to R2
the modern way to connect and protect your clouds, networks, applications and users
Previous Next
Hot News
Two privilege escalation vulnerability in Simple Membership Plugin
How to get the latest Windows 11 innovations
Dynamic Lighting is now available on Windows 11
Writing poems using LLama 2 on Workers AI
serverless GPU-powered inference on Cloudflare’s global network
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?