Windows 10: Ropemaker - new Exploit for Desktop Email Clients


  1. Posts : 10,756
    Windows 10 (Pro and Insider Pro)
       23 Aug 2017 #1

    Ropemaker - new Exploit for Desktop Email Clients


    Mimecast (Email security vendor) has publish a warning today about possible email exploit called Ropemaker.

    A new type of email exploit could affect all kind of computer users, even the most advanced. Practically all desktop email clients are vulnerable to this exploit if sending message in html format.

    Read more at www.eweek.com | security/ropemaker-email-exploit-exposes-desktop-clients-to-security-risks

    The Ropemaker attack abuses desktop email client functionality that enables email messages to pull CSS (Cascading Style Sheet) information from a remote location. Mimecast's researchers found that an attacker can inject or replace CSS information with malicious information that could lead to exploitation.
      My ComputerSystem Spec


  2. Posts : 10,756
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       24 Aug 2017 #2

    I'm not sure, if everybody understands how easy this vulnerability is to exploit (since there is no discussion here), I'm posting link to another coverage of it: BleepingComputer | ropemaker-lets-attackers-change-your-emails-after-delivery

    ROPEMAKER which stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky revolves around the idea that an attacker sends an email in HTML format to a victim, but instead of using inline or embedded CSS code to decorate the text, it uses a CSS file loaded from his server.
    The purpose is to write and send an initially benign email, which the attacker modifies at a later date by altering the content of the CSS file hosted on his server.

    ROPEMAKER attack fools current email security products

    The initial benign email passes local email security scanners installed on the target's network, but any changes to the email's content aren't picked up when they happen.
    This is because email security systems don't re-scan emails delivered to users' inboxes, but only incoming emails at the time of their delivery.
      My ComputerSystem Spec


 

Related Threads
Anti-virus freezes email clients in AntiVirus, Firewalls and System Security
I recently posted a question about my email clients not making connections. (Windows Live Mail and others). Email connection question Solved - Windows 10 Forums After a long chat with a Microsoft agent the problem was solved and I happily...
Source: Remote Desktop Clients Enterprise Mobility and Security Blog
Hi there I am a first time user of this forum. Using Outlook 365 on Windows 10 Desktop PC Email attachments do not appear when saved to my Desktop. They do save in Downloads but not on the Desktop. Very frustrating:mad: Any suggestions?
Anyone tried Incredimail 2.5, Thunderbird, WLM and ilk yet?
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 03:39.
Find Us