NoSpamProxy closes Emotet vulnerability in Office 365

In many cases, the banking Trojan Emotet reaches IT infrastructures via contaminated Office files containing so-called macros. A macro is a kind of mini-program that – if permission has been granted – executes a specific sequence of instructions. Cyber criminals have used macros to find a way to infect computers with Emotet and other malware. Because they are often not needed, these macros could be prevented from running in Office 365, either manually or through Group Policy – if it weren’t for a glaring vulnerability in certain business versions of Office 365.

The BSI recommends deactivating macros

Group policies are an effective tool that administrators use daily to implement settings and rules throughout the company. Often the protection of the entire IT infrastructure depends on the configured group policies. With regard to protection against Emotet, the German Federal Office for Information Security (BSI) recommends, among other things, deactivating the execution of macros via group policy. An administrator who implements this must be able to rely on the Group Policy actually taking effect.

Group policies do not work

It is now known that most versions of Office 365 ignore the Group Policy settings. This creates a security hole that is a potential gateway for malicious code of all kinds. What makes this insidious is that it happens without any notification to the administrator, and that only the low-cost business and enterprise versions of Office 365 are affected; the more expensive enterprise versions and Office Professional support Group Policies. This confusing, inconsistent behavior is documented by Microsoft, but the documentation is difficult to find in a list of service descriptions. Administrators who have disabled macros in Office files using Group Policy should immediately investigate whether they and their organization are affected by this vulnerability.

Still secure – with NoSpamProxy

With NoSpamProxy you can make malicious macros harmless – guaranteed. The content filter in NoSpamProxy reliably detects Word, Excel and PowerPoint files containing macros and offers you various ways to react. For example, you can reject the entire e-mail, remove the contaminated file completely or convert it into a harmless PDF. Alternatively, you can lock the file until it is manually released by the administrator or upload it to the NoSpamProxy Sandbox for analysis. In this way you can guarantee the security of your company and the protection of your IT infrastructure with NoSpamProxy.
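
How a mail content filter can recognise Office attachments that carry macros, shown as an added example that is not NoSpamProxy's code or method. The function names, the `quarantine`/`deliver` verdicts and the sample files are assumptions constructed for the illustration; the legacy-format check is a byte-search heuristic, not a full OLE2 parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
# Stream names in an OLE2 directory are UTF-16LE; VBA projects contain this one.
OLE2_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def has_macros(data: bytes) -> bool:
    """Return True if the attachment bytes look like an Office file with VBA macros."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: a full parser would walk the directory sectors instead.
        return OLE2_VBA_MARKER in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return False
        # OOXML keeps the VBA project as vbaProject.bin under word/, xl/ or ppt/,
        # whatever extension the sender gave the file.
        return any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names)
    return False


def verdict(data: bytes) -> str:
    """Hypothetical policy hook: hold macro-bearing files, pass the rest."""
    return "quarantine" if has_macros(data) else "deliver"


def _ooxml(parts):
    """Build a constructed OOXML-like ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in parts:
            z.writestr(name, b"constructed sample")
    return buf.getvalue()


# Constructed samples (not real documents).
CLEAN_DOCX = _ooxml(["[Content_Types].xml", "word/document.xml"])
# Macro-enabled content sent under a .docx name: the extension is not trusted.
RENAMED_DOCM = _ooxml(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"])
LEGACY_XLS = OLE2_MAGIC + b"\x00" * 504 + OLE2_VBA_MARKER

if __name__ == "__main__":
    for name, blob in [("offer.docx", CLEAN_DOCX), ("invoice.docx", RENAMED_DOCM),
                       ("report.xls", LEGACY_XLS)]:
        print(name, verdict(blob))
```

Because the decision is made on file content at the mail gateway, it does not depend on whether the Office edition installed on the client honours the macro Group Policy.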