NoSpamProxy eliminates Emotet vulnerability in Office 365

In many cases, the banking trojan Emotet reaches IT infrastructures via contaminated Office files that contain so-called macros. A macro is a kind of micro application that performs a specific sequence of instructions once permission has been granted. Cyber criminals have discovered a way to use macros to infect computers with Emotet and other malware. Because macros are rarely needed, they could simply be prevented from running in Office 365, either manually or through Group Policy, were it not for a glaring vulnerability in certain business versions of Office 365.

The BSI recommends deactivating macros

Group policies are an effective and everyday tool for administrators to implement settings and rules throughout the company. In many cases, the protection of the entire IT infrastructure depends on the configured group policies. With regard to protection against Emotet, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI) recommends, among other things, disabling the execution of macros via Group Policy. An administrator who implements this must be able to rely on the Group Policy actually taking effect.

Group policies have no effect

It is now known that most versions of Office 365 ignore the Group Policy settings. This creates a security hole that is a potential gateway for malicious code of all kinds. What is really perfidious is that this happens without the administrator being notified, and that only the inexpensive Business and Enterprise versions of Office 365 are affected, while the more expensive Enterprise versions as well as Office Professional support Group Policies. This confusing, inconsistent behavior is documented by Microsoft, but it is difficult to find in a list of service descriptions. Administrators who have disabled macros in Office files using Group Policy should immediately investigate whether they and their organization are affected by this vulnerability.

NoSpamProxy offers reliable protection

With NoSpamProxy you will render malicious macros useless. The content filter in NoSpamProxy reliably recognizes Word, Excel and PowerPoint files that contain macros and offers you various ways to react. For example, you can reject the entire email, remove the infected file completely or convert it into a harmless PDF. Alternatively, you can lock the file until manually approved by the administrator or upload it to the NoSpamProxy Sandbox for analysis. This way, NoSpamProxy enables you to guarantee the security of your company and the protection of your IT infrastructure.
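How a gateway-side check can recognize macro-carrying Office attachments from their content, independent of any client-side Group Policy, is sketched below. This is an added example, not NoSpamProxy's code: the function names and sample files are constructed for illustration, and the check for legacy OLE files is a simple byte-pattern heuristic.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # legacy .doc/.xls/.ppt container
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE


def macro_verdict(data: bytes) -> str:
    """Return 'macro', 'clean' or 'not-office' from file content, not file name."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: look for the VBA project stream name in the raw bytes.
        # A production filter would walk the OLE directory instead.
        return "macro" if OLE_VBA_MARKER in data else "clean"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = [n.lower() for n in archive.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"          # a ZIP, but not an OOXML package
    # OOXML stores VBA in a part called vbaProject.bin (under word/, xl/ or ppt/).
    has_vba = any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names)
    return "macro" if has_vba else "clean"


def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory ZIP from {part name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in parts.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples; the file names are deliberately not trusted.
    samples = {
        "report.docx": build_sample({"[Content_Types].xml": b"", "word/document.xml": b""}),
        "invoice.docx": build_sample({"[Content_Types].xml": b"", "word/vbaProject.bin": b"x"}),
        "legacy.xls": OLE_MAGIC + bytes(512) + OLE_VBA_MARKER,
    }
    for name, blob in samples.items():
        print(f"{name}: {macro_verdict(blob)}")
```

The verdict for the constructed `invoice.docx` is `macro` even though the extension suggests a macro-free document, which is why the check reads the package contents rather than the file name.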