Is Your Microsoft Outlook Web Access Secure?

by Sachin Malhotra, Technology Evangelist

Security research reports recently revealed a new vulnerability in the Outlook Web Access Security (OWAS). Accessing Outlook from a remote location was found to leave the e-mail server vulnerable to hacking, because the OWA server is exposed both internally and externally. Such a scenario is called a “zero-day vulnerability”; it allows hackers to retain ownership over a huge set of credentials and to maintain persistent control over an individual's or company's environment for several months. You can imagine how great a threat this poses to critical business and financial data if the vulnerability is not fixed.

Outlook Web Access (OWA) is a Web-based Microsoft Exchange Server installed in organizations to provide internal e-mail capabilities. It differs starkly from other web servers in that it supports an internal infrastructure while also connecting over the Internet, which places it between the DMZ, the internal server, and the Web. This unique position makes Microsoft's Outlook Web Application highly efficient, but it also creates a risky entry point that allows hackers to steal users' e-mail authentication credentials. Adding a two-factor authentication solution to the existing Outlook credentials is therefore really important.

According to the reports, researchers detected “behavioural abnormalities” caused by a suspicious OWAAUTH.dll file loaded into the OWA server. The file was unsigned and loaded from another directory. Further analysis showed that the file was siphoning decrypted HTTPS server requests. It was thus the OWAAUTH.dll file that enabled the hackers to gather users' login information and passwords and to access their e-mails. To prevent the backdoor from being removed, the hackers created a filter in IIS, Microsoft's Web server, that loads the malicious OWAAUTH.dll file each time the server is restarted. The hackers also used a .NET assembly cache to avoid audit and security inspection.
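The indicators described above (an unsigned OWAAUTH.dll loaded from an unexpected directory, and an IIS filter that brings it back on every restart) can be checked on a server with a short audit script. This is an added example, not code from the article or from the researchers' report; `Get-DllFinding`, `$ExpectedDir` and the other parameter names are hypothetical, and the legitimate directory must be supplied for your own installation.

```powershell
# Added example, not from the article. Run elevated in 64-bit PowerShell 4.0+ on the OWA server.
# $ExpectedDir is an assumption: the directory where your Exchange install keeps
# its legitimate OWAAUTH.dll (the article does not give the path).
param(
    [Parameter(Mandatory)] [string] $ExpectedDir,
    [string] $ModuleName = 'owaauth.dll'
)

function Get-DllFinding {
    param([string] $Path, [string] $Source, [string] $MustBeIn)
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    $sig  = Get-AuthenticodeSignature -LiteralPath $full -ErrorAction SilentlyContinue
    # Directory check applies only when the caller names the one legitimate location.
    $wrongDir = $MustBeIn -and
        ([IO.Path]::GetDirectoryName($full).TrimEnd('\') -ine $MustBeIn.TrimEnd('\'))
    [pscustomobject]@{
        Suspicious = ("$($sig.Status)" -ne 'Valid') -or $wrongDir
        Source     = $Source
        Path       = $full
        Signature  = "$($sig.Status)"
        Signer     = $sig.SignerCertificate.Subject
        Sha256     = (Get-FileHash -LiteralPath $full -ErrorAction SilentlyContinue).Hash
    }
}

# Check 1: every copy of the module loaded in an IIS worker process (w3wp.exe).
$loaded = foreach ($p in Get-Process -Name w3wp -ErrorAction SilentlyContinue) {
    try { $p.Modules | Where-Object { $_.ModuleName -ieq $ModuleName } }
    catch { Write-Warning "Cannot read modules of PID $($p.Id): $_" }
}
$findings = @($loaded | Where-Object { $_ } |
    Select-Object -ExpandProperty FileName -Unique |
    ForEach-Object { Get-DllFinding -Path $_ -Source 'w3wp module' -MustBeIn $ExpectedDir })

# Check 2: ISAPI filters registered in IIS, which are loaded again on every restart.
Import-Module WebAdministration
$findings += @(Get-WebConfiguration -Filter '/system.webServer/isapiFilters/filter' `
        -PSPath 'IIS:\' -Recurse |
    ForEach-Object { Get-DllFinding -Path $_.path -Source "ISAPI filter '$($_.name)'" })

# Suspicious rows first: not validly signed, or loaded from outside $ExpectedDir.
$findings | Sort-Object Suspicious -Descending | Format-List
```

Any row marked `Suspicious` deserves a comparison of its `Sha256` value against a known-good copy of the file from the same Exchange build.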

To combat this security glitch, Microsoft has issued security recommendations to protect critical business, financial and personal data. The company believes that if the Exchange Server is properly installed, secured, and managed, there is no threat of cyber attacks. If such an attack does take place, it can only be initiated by users who have administrative rights to access the server's file system and services, or by an individual who has gained permission to log into the Exchange Server console with the rights to replace Exchange system files and perform an Internet Information Server (IIS) reset.

Thus, companies and individuals must be cautious when using an OWA server if they require a Virtual Private Network (VPN) connection. Rather, they must install the Microsoft Outlook two-factor authentication (2FA) method on their servers to prevent this kind of attack.
