Z-WASP Office 365 Bypass Vulnerability

Summary

Z-WASP is a zero-width space (ZWSP) vulnerability in Microsoft Office 365. An attacker could exploit this vulnerability to bypass all Office 365 security measures.


Affected platforms

The following platforms are known to be affected:

Threat details

The vulnerability lies in how Office 365 interprets URLs within the HTML of emails. An attacker can obfuscate a malicious URL by inserting a zero-width non-joiner in the middle of it. Microsoft's email processing then does not recognise the string as a genuine URL and therefore does not apply the necessary security checks. Because zero-width characters are not displayed, users who receive phishing emails would not be able to identify the ZWSPs in the URL.
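
A detection check for the obfuscation described above, added here as an example and not taken from Microsoft or from this advisory: it parses an email's HTML, decodes character references, and reports URLs that only become recognisable once zero-width characters are removed. The set of code points, the function and class names, and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed set of zero-width code points: ZWSP, ZWNJ, ZWJ, word joiner, ZWNBSP.
ZW_RE = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>]+", re.I)


def hidden_urls(value):
    """Return URLs that only match once zero-width characters are stripped."""
    if not ZW_RE.search(value):
        return []
    cleaned = ZW_RE.sub("", value)
    return [u for u in URL_RE.findall(cleaned) if u not in value]


class ZeroWidthUrlScanner(HTMLParser):
    """Collects (location, de-obfuscated URL) pairs from an HTML body."""

    def __init__(self):
        # convert_charrefs decodes entities such as &#8204; in text nodes;
        # attribute values are always unescaped by HTMLParser.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.findings += [(f"<{tag} {name}>", u) for u in hidden_urls(value)]

    def handle_data(self, data):
        self.findings += [("text", u) for u in hidden_urls(data)]


def scan_email_html(html_body):
    scanner = ZeroWidthUrlScanner()
    scanner.feed(html_body)
    scanner.close()  # flush any buffered trailing text
    return scanner.findings


# Constructed sample: first link hides ZWNJ (as an entity) and ZWSP in the URL.
SAMPLE = (
    '<p>Reset: <a href="https://exa&#8204;mple.test/reset">'
    "https://exa\u200bmple.test/reset</a></p>"
    '<p>Docs: <a href="https://example.org/help">https://example.org/help</a></p>'
)

if __name__ == "__main__":
    for location, url in scan_email_html(SAMPLE):
        print(f"{location}: hidden URL {url}")
```

A finding means the raw string would not have matched a URL pattern but its rendered form does, which is the mismatch this vulnerability relies on.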


Remediation steps

Microsoft addressed this vulnerability in their January 2019 Security Update Summary and Deployment Information. Users and administrators are encouraged to review these guides and apply the necessary updates.


Last edited: 14 February 2020 2:51 pm