Z-WASP Office 365 Bypass Vulnerability

Z-WASP is a zero-width space (ZWSP) vulnerability in Microsoft Office 365. An attacker could exploit this vulnerability to bypass all Office 365 security measures.

The name Z-WASP references the zero-width space (an invisible character) that hackers added to the middle of a malicious URL within the raw HTML of the email. With these special characters breaking up the URL, Microsoft email processing did not recognize the URL for what it was, so domain reputation checks and Safe Links were not applied.

The vulnerability lies in how Office 365 interprets URLs within the HTML of emails. An attacker can obfuscate a malicious URL by inserting a zero-width non-joiner in the middle of the text. Microsoft email processing does not interpret the broken-up text as a genuine URL and therefore does not apply the usual security checks to it. Users who receive such phishing emails cannot see the ZWSPs in the URL, because the characters render with no visible width.
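To show the failure mode described above from the defender's side, here is an added example (not code from the original post or from Microsoft) of how a mail filter can surface URLs that zero-width characters have split. A strict ASCII URL extractor, which models the behaviour the post describes, stops at the first invisible character and sees only a truncated host; a lenient pass that tolerates zero-width code points, then strips them, recovers the URL that should have gone to reputation checks. The HTML samples, the `example.test` hostnames and the function names are constructed for this example; the only page-derived detail is that the zero-width character arrives as an HTML entity in the raw message.

```python
import html
import re
from urllib.parse import urlsplit

# Zero-width / invisible code points that can be used to split a URL.
# U+200C (zero-width non-joiner) is the one the Z-WASP write-up describes;
# the others are usually grouped with it when normalising text.
ZERO_WIDTH = {
    "\u200b",  # zero-width space
    "\u200c",  # zero-width non-joiner
    "\u200d",  # zero-width joiner
    "\u2060",  # word joiner
    "\ufeff",  # zero-width no-break space
}
ZW_CHARS = "".join(ZERO_WIDTH)
ZW_PATTERN = re.compile("[" + ZW_CHARS + "]")

# RFC 3986 unreserved + reserved characters plus '%'. A strict extractor
# built on this class stops at the first non-URL character, which is exactly
# what an invisible code point in the middle of a hostname triggers.
URL_CHARS = r"A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-"
STRICT_URL = re.compile(r"https?://[" + URL_CHARS + r"]+")
# Lenient variant: same class, but zero-width characters are allowed inside
# the match so the whole obfuscated token is captured for normalisation.
LENIENT_URL = re.compile(r"https?://[" + URL_CHARS + ZW_CHARS + r"]+")


def find_zero_width(text: str) -> list:
    """Return (offset, code point label) for every zero-width char in text."""
    return [(m.start(), "U+%04X" % ord(m.group())) for m in ZW_PATTERN.finditer(text)]


def strip_zero_width(text: str) -> str:
    """Remove all zero-width characters from text."""
    return ZW_PATTERN.sub("", text)


def analyse_html(raw_html: str) -> dict:
    """Compare what a strict URL extractor sees with the normalised URLs.

    Entities such as &#8204; or &zwnj; are decoded first, because that is how
    the invisible character is carried in the raw HTML of the message.
    """
    decoded = html.unescape(raw_html)
    naive = STRICT_URL.findall(decoded)
    lenient = LENIENT_URL.findall(decoded)
    # Only tokens that look like URLs *and* contain zero-width characters are
    # reported as obfuscated: ZWNJ is legitimate in ordinary prose for several
    # scripts, so a body-wide count alone would be a noisy signal.
    obfuscated = [strip_zero_width(u) for u in lenient if ZW_PATTERN.search(u)]
    return {
        "naive_urls": naive,
        "naive_hosts": [urlsplit(u).hostname for u in naive],
        "normalised_urls": [strip_zero_width(u) for u in lenient],
        "obfuscated_urls": obfuscated,
        "zero_width_in_body": len(find_zero_width(decoded)),
    }


# Constructed sample: a phishing-style body whose link is split by two
# zero-width non-joiners, once as a numeric and once as a named entity.
SAMPLE_OBFUSCATED = (
    '<p>Your mailbox is full. <a href="http://exa&#8204;mple.test/lo&zwnj;gin">'
    "Click here</a> to fix it.</p>"
)

# Constructed sample: a benign body where the only zero-width character sits
# in prose, not inside a URL, so nothing should be flagged.
SAMPLE_BENIGN = '<p>See <a href="http://example.test/docs">docs</a>. Note&zwnj;worthy.</p>'


if __name__ == "__main__":
    for label, sample in (("obfuscated", SAMPLE_OBFUSCATED), ("benign", SAMPLE_BENIGN)):
        report = analyse_html(sample)
        print(label)
        for key, value in report.items():
            print("  %-20s %s" % (key, value))
```

On the obfuscated sample the strict extractor returns only `http://exa`, so a reputation lookup on host `exa` tells the filter nothing, while the lenient pass yields `http://example.test/login` as the URL that actually needs checking. The benign sample contains a zero-width non-joiner too, but because it is not inside a URL-like token the report lists no obfuscated URLs; that distinction keeps the check from flagging legitimate text in scripts that rely on ZWNJ.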

Affected Platforms:

  • Microsoft Office 365

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
