VULNERABILITY

Blocking Direct Send within Office365

The vulnerability addressed by blocking Direct Send within Office365 allows any remote device to relay email to internal mailboxes while spoofing the From address, so that the message appears to come from any other internal mailbox.

Resource link: https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790 

Note: This is potentially being exploited in the wild.

Please review the scope of work below prior to authorizing NCI to remediate.

Scope of work:

Ensure all email sources using the customer’s domain name in the “From” field are properly routed into Office365 and configured for secure delivery.

Remediation work will take approximately 1-2 hours and is offered at a flat fee of $500.

Please note, normal email performance and function will remain during remediation work.

  1. Identify Email Sources

    • Locate all systems and services that send email using the customer’s domain name in the “From” field.
    • Common sources include:
      • Scan-to-email devices
      • Email marketing platforms (e.g., MailChimp)
      • Website contact forms
      • Any other third-party systems

  2. Configure Exchange Connector

    • Define all identified sources in a Connector within the Exchange Admin Center of Office365.
    • Ensure the connector is configured to allow mail flow from these sources to internal mailboxes within the tenant.

  3. Apply PowerShell Setting

    • Establish a PowerShell session to Exchange Online for the tenant.
    • Apply the required setting to finalize the configuration and ensure proper mail delivery.

  4. Attempt to direct send email via PowerShell to ensure this type of communication is blocked.
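
Steps 2 through 4 above, sketched as an added PowerShell example (not NCI's or Microsoft's own script). It assumes the ExchangeOnlineManagement module and the `RejectDirectSend` setting described in the linked Microsoft article; the admin account, connector name, IP address, MX host and test mailbox are placeholders.

```powershell
# Added example. Every name, address and host below is a placeholder.
$AdminUpn    = 'admin@contoso.example'                        # tenant admin account
$SourceIPs   = @('203.0.113.10')                              # public IPs of the approved senders from step 1
$MxEndpoint  = 'contoso-example.mail.protection.outlook.com'  # the tenant's own MX host
$TestMailbox = 'it-test@contoso.example'                      # internal mailbox used only for the check
$Connector   = 'Approved internal relays'                     # hypothetical connector name

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Step 2: define the approved sources in an inbound connector (skipped if it already exists).
if (-not (Get-InboundConnector | Where-Object Name -eq $Connector)) {
    New-InboundConnector -Name $Connector -ConnectorType OnPremises `
        -SenderDomains '*' -SenderIPAddresses $SourceIPs | Out-Null
}

# Step 3: record the current value, apply the setting, then read it back.
$before = (Get-OrganizationConfig).RejectDirectSend
Set-OrganizationConfig -RejectDirectSend $true
$after  = (Get-OrganizationConfig).RejectDirectSend
Write-Host "RejectDirectSend: $before -> $after"

# Step 4: run this part from a host that is NOT listed in the connector,
# after the setting has had time to take effect. The message goes from the
# test mailbox to itself, so nothing reaches a real user if it is accepted.
try {
    Send-MailMessage -SmtpServer $MxEndpoint -Port 25 `
        -From $TestMailbox -To $TestMailbox `
        -Subject 'Direct Send block test' -Body 'Verification message.' `
        -ErrorAction Stop
    Write-Warning 'Message was accepted: Direct Send is still allowed from this host.'
}
catch {
    # Expected outcome is an SMTP rejection from Exchange Online.
    # A timeout or connection failure only means port 25 is blocked locally
    # and does not prove the setting works.
    Write-Host "Send failed: $($_.Exception.Message)"
}

Disconnect-ExchangeOnline -Confirm:$false
```

Repeat the step 4 check from one of the approved sources as well: mail from an address in the connector should still be delivered.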

Please note: remediation and updates have the potential to cause other unforeseen issues or conflicts between software and/or hardware. If additional work is needed to get all systems and software to acceptable levels due to compatibility issues or conflicts, the time associated will be billed at time and materials.

By completing the following form, you agree to the scope of work and remediation estimate.

Do you authorize Network Center, Inc. to proceed with the remediation scope of work for the Blocking Direct Send within Office365 vulnerability? By clicking yes below, you are approving a fee of $500 to complete the remediation, which will be billed after completion.
