"Ghost-Sender" uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing.
Originally published at darkreading.com
SecurityAI-assisted1 min read
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
A vulnerability dubbed 'Ghost-Sender' has been discovered in Microsoft Exchange that allows attackers to spoof any email address. The flaw specifically affects Exchange Online or on-premises deployments running in hybrid mode when configured with third-party mail servers or spam filters, enabling sophisticated email impersonation attacks.
▸ Want a deeper look?
Talk to an architect about applying this to your stack.
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
