By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    A Malware Classification -Kaspersky Daily
    8 months ago
    Superfish: adware preinstalled on Lenovo laptops
    8 months ago
    Russian-speaking cyber spies from Turla APT group exploit satellites
    8 months ago
    Latest News
    Safeguards against firmware signed with stolen MSI keys
    2 days ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    2 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
    7 days ago
    Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Surface Pro released and the 128 GB version already sold out at the online Microsoft Store [Updated]
    8 months ago
    Windows 11 build 22622.590 (KB5017846) outs in the Beta Channel
    8 months ago
    How to protect computer from virus and hackers on Windows 11
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    What is two-factor authentication | Kaspersky official blog
    3 days ago
    Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
    5 days ago
    NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
    5 days ago
    How Oxy uses hooks for maximum extensibility
    How Oxy uses hooks for maximum extensibility
    6 days ago
    The personal threat landscape: securing yourself smartly
    6 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    December 8 at 10:00 an online event Technical Marathon Microsoft Dynamics 365
    8 months ago
    Chrome 88: What's new?
    8 months ago
    Android 11 will receive another DP instead of Beta
    8 months ago
    Latest News
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    3 days ago
    How to enable Taskbar End Task option to close apps on Windows 11
    3 days ago
    How to check USB4 devices specs from Settings on Windows 11
    3 days ago
    How to enable new header UI for File Explorer on Windows 11
    1 week ago
  • Glossary
  • My Bookmarks
Reading: BadWinmail: How your PC can be infected with just one email you didn’t actually open
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
AppsWordpress Threats

BadWinmail: How your PC can be infected with just one email you didn’t actually open

Vitus White
Last updated: 13 October
Vitus White 8 months ago
Share
5 Min Read

We’ve told you this time and time again: never click suspicious links, never open files received from unknown sources, always delete mail from untrusted senders. While all of these pieces of advices are good, they can’t help you if you’re using Outlook as those precautions won’t protect you from the BadWinmail vulnerability. You don’t need to click or open anything to become infected. You just receive one email – and that’s it. In fact, you don’t even need to open this email.

How your PC can be infected with just one email you didn't actually read

How’s that possible?

If you’re familiar with Microsoft Office, you probably know that objects can be embedded in MS Office files. Not any objects, but the list is quite long. This is called OLE technology, or Object Linking and Embedding.

Logo for #BadWinMail ? pic.twitter.com/gP45Iq3ShE

— Erlend Oftedal (@webtonull) December 16, 2015

It turned out, that this technology works not only in DOC, XLS and so on, but in Outlook email as well. It also turned out, that the above mentioned objects list besides generic MS Office stuff, includes such cool things as Adobe Flash objects.

Do you know why cybercriminals love Flash so much? Because there are lots of vulnerabilities in Flash. Some of these bugs are zero-days, which means they’re unpatched. These vulnerabilities can be exploited to do some things to your PC you definitely won’t like.

Adobe Patches 23 Critical Vulnerabilities in Flash Player: https://t.co/ON2iKYKk5f via @threatpost pic.twitter.com/29dRbc5KTI

— Kaspersky Lab (@kaspersky) September 21, 2015

It is a well known issue, and in order to fight it, most developers do the same simple thing: they allow Flash content to be run in their software (for example, browsers) only in so-called ‘sandboxes’. Malicious code can do anything inside these sandboxes, even start some fancy cyber-apocalypse.

But the idea is, that it can’t escape the sandbox and thus won’t affect anything outside it, so your files won’t be corrupted. Well, at least it is designed to be like that — sometimes this trick doesn’t work, but that is another story for another day. It is definitely not the case here.

If you’re waiting for the third ‘it turned out,’ here you go. It turned out, that Outlook doesn’t use these type of sandboxes trick for potentially dangerous objects and runs everything in normal mode. It means that malicious code in embedded objects can act like any other software you installed on your PC.

What is #BadWinmail vulnerability and why it is really bad

Tweet

The problem does not end with those three tidbits of bad news. Outlook is so obliging that it opens the newest email before you do it. Thus if malicious email with BadWinmail exploit attached is the newest in your Inbox, it is executed immediately when you start the Outlook.

Haifei Li, security researcher who has discovered the bug, created proof of concept of a possible attack exploiting the BadWinmail vulnerability, as he called it. He describes it in surprisingly simple words in his research.

He even created this relatively short video, which perfectly explains the core idea of how this vulnerability actually works:

Special Report: #BadWinmail – The “Enterprise Killer” Attack Vector in #Microsoft #Outlook
https://t.co/pOTNIh6bQs. https://t.co/BaDEBZXCSm.

— Haifei Li (@HaifeiLi) December 15, 2015

To understand why it is really bad, just imagine some bad guy who instead of opening harmless Calculator app runs ransomware on your PC.

The good news is Haifei Li had reported this bug to Microsoft and the company fixed this issue on December 8. The bad news is, people who are not used to updating their software quickly still have this vulnerability. And many of them will have it for weeks, months, or even years.

#IT #Tip Disable the “remind me later” button to ensure critical updates installed https://t.co/jVKXcJ1vWm #infosec pic.twitter.com/KNnlnjk0Ej

— Kaspersky Lab (@kaspersky) November 5, 2015

Since the report was published openly, lots of cyber-criminals will definitely try to use this vulnerability to infect thousands or even millions of PCs through this. And if you have ever wondered, is it really so important to always update all your software immediately and to use security software, I guess, now you have new good reasons to answer this question in the affirmative.


Source: kaspersky.com

Translate this article

TAGGED: Microsoft, Microsoft Office, RC4, Sandbox Escape, Security, Software, Threats, Vulnerabilities
Vitus White October 13, 2022 October 7, 2022
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Safeguards against firmware signed with stolen MSI keys
Threats 2 days ago
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Wordpress Threats 2 days ago
How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
News 3 days ago
How to enable Taskbar End Task option to close apps on Windows 11
News 3 days ago
How to check USB4 devices specs from Settings on Windows 11
News 3 days ago

Recent Posts

  • Safeguards against firmware signed with stolen MSI keys
  • WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
  • How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
  • How to enable Taskbar End Task option to close apps on Windows 11
  • How to check USB4 devices specs from Settings on Windows 11

You Might Also Like

Threats

Safeguards against firmware signed with stolen MSI keys

2 days ago
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Wordpress Threats

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin

2 days ago
News

How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11

3 days ago
How To

What is two-factor authentication | Kaspersky official blog

3 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

What is two-factor authentication | Kaspersky official blog
Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
How Oxy uses hooks for maximum extensibility
The personal threat landscape: securing yourself smartly
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
Previous Next
Hot News
Safeguards against firmware signed with stolen MSI keys
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
How to enable Taskbar End Task option to close apps on Windows 11
How to check USB4 devices specs from Settings on Windows 11
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?