Potential Security Threat: baseStriker Office 365 Vulnerability

Thursday, 10 May 2018

There is a recently discovered Office 365 vulnerability that takes advantage of a flaw in Microsoft’s security, including it’s advanced services (ATP, Safelinks, etc). The method, called baseStriker, allows hackers to split malicious links into two separate types and lines of code to disguise its content. Microsoft’s security system currently scans the two incomplete links individually and is thus unable to identify them as malicious.

This is being considered Office 365's largest ever security flaw. At this point, Microsoft has not released a fix.

So far, hackers have only been seen using this vulnerability to send phishing attacks, but it also has the capability of distributing ransomware, and other malicious content.

No matter how strong your security settings are, it’s always important to be mindful of emails that come through that are either unexpected or contain unusual requests. We recommend you take extra care when reviewing such emails and to contact your IT support immediately if one arises.Your security is not something that should be taken lightly.

Are you unsure of what characteristics to look out for when trying to identify a phishing email?

We have a detailed list available to ensure you are as prepared as can be. We also have a handy quiz to test your detection skills.

About the author

Yelena Mirsakova

As Marketing Coordinator at Techworks, Yelena adds creative flair to the world of technology. She digs into innovative ways to spread awareness of new services and programs and is here to get the word out to you.

Author's recent posts