We have resolved the issue. Thank you for your patience.
Security Alert: New Exploit Affecting Microsoft 365 Direct Send Feature
The Omega Systems team is reaching out to customers to make them aware of a newly identified security exploit that impacts Microsoft 365 users who utilize the ‘Direct Send’ capability. This exploit allows attackers to spoof internal email users, potentially bypassing traditional security measures and spam filters.
What is ‘Direct Send’?
Microsoft’s ‘Direct Send’ is a legitimate feature allowing email sources such as printers, applications or internal systems to appear as internal users. This process bypasses traditional authentication methods like SPF, DKIM, and DMARC, which typically verify an email sender’s domain.
Potential Risks
This vulnerability allows attackers to impersonate internal users, making malicious emails appear legitimate and avoiding traditional external security filters. As a result, these emails can increase the risk of successful phishing attacks and the unauthorized exposure of sensitive information.
Omega’s Response
We are actively developing a remediation plan to address this vulnerability and disable the ‘Direct Send’ feature for affected customers. Our aim is to reach out to you directly to advise when we will be facilitating the necessary changes ‘behind the scenes’ for your organization. Though we expect there to be minimal impact on user productivity, we want to ensure you and your employees are aware of when changes will be made in the environment to address this issue.
In the meantime, we strongly advise you to remain vigilant and report suspicious emails or activity to your IT team or through built-in phishing alert tools.
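For IT teams triaging messages reported as suspicious, the following added example (not Omega's or Microsoft's code) flags mail whose From address claims an internal domain but whose Authentication-Results header shows no DMARC pass. The domain list, verdict labels and sample headers are assumptions constructed for illustration, and the check assumes the topmost Authentication-Results header was stamped by your own mail service.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: your tenant's accepted domains
_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def auth_results(msg):
    """Verdicts from the topmost Authentication-Results header, assumed to
    be the one stamped by the receiving service; lower copies are ignored."""
    found = {}
    for method, verdict in _RESULT.findall(msg.get("Authentication-Results", "")):
        found.setdefault(method.lower(), verdict.lower())
    return found

def triage(raw, internal=INTERNAL_DOMAINS):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in internal:
        return "external-sender"
    # An internal From address with no DMARC pass is how a spoofed
    # Direct Send message can look; queue it for an analyst.
    if auth_results(msg).get("dmarc") == "pass":
        return "authenticated-internal"
    return "review-unauthenticated-internal"

# Constructed samples (documentation domain and IP ranges, not real traffic).
SPOOFED = """\
Authentication-Results: spf=fail (sender IP is 203.0.113.25)
 smtp.mailfrom=example.com; dkim=none (message not signed)
 header.d=none; dmarc=fail action=oreject header.from=example.com
From: "Payroll" <payroll@example.com>
To: alice@example.com
Subject: Updated benefits form

Constructed body.
"""
SIGNED = SPOOFED.replace("spf=fail", "spf=pass").replace(
    "dkim=none (message not signed)", "dkim=pass (signature was verified)"
).replace("dmarc=fail action=oreject", "dmarc=pass action=none")
EXTERNAL = SPOOFED.replace("payroll@example.com", "news@example.org")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("signed", SIGNED), ("external", EXTERNAL)):
        print(name, "->", triage(raw))
```

A "review" verdict is a prompt for an analyst, not proof of spoofing: devices and applications that legitimately relay without authentication produce the same result.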
If you have questions or need immediate assistance, please reach out to your Account Manager or Customer Success Manager or contact our Service Desk.