• Outlook User
  • Exchange Admin
  • Office 365
  • Outlook Developer
  • Outlook.com
  • Outlook Mac
  • Outlook & iCloud
    • Common Problems
    • Outlook BCM
    • Utilities & Addins
    • Video Tutorials
    • EMO Archives
    • Outlook Updates
    • Outlook Apps
    • Forums

BadWinMail Exploit

Slipstick Systems

› Outlook › BadWinMail Exploit

Last reviewed on February 14, 2018     2 Comments

December 18, 2015 by Diane Poremsky 2 Comments

There are two newly discovered (and patched) in Outlook. The first is a remote code exploit and unlike many remote code vulnerabilities, which require the user to do something, like go to a web site or open a file, th RTF/TNEF security issue runs when a targeted person opens a message. The exploit is packed in an winmail.dat file and when Outlook renders the winmail.dat, the code runs. The second exploit uses OLE objects embedded in messages which are attached to other email messages.

If you haven't already installed the Security Update for Microsoft Office to Address Remote Code Execution (3116111), which was released on December 8 2015, you should do so as soon as possible. If you are unable to install the update, read mail in plain text or use a macro to convert RTF messages to plain text as they arrive.

It's also possible to set a registry key to prevent Outlook from loading Flash content.

HKEY_LOCAL_MACHINE\​SOFTWARE\​Microsoft\​Office\​Common\​COM Compatibility\​{D27CDB6E-AE6D-11cf-96B8-444553540000}
DWORD: Compatibility Flags
Value: 00000400

As always, user accounts with fewer user rights on the system could be less impacted than those who operate with administrative user rights.

For more information about this exploit, see https://sites.google.com/site/zerodayresearch/BadWinmail.pdf
A demo is available on YouTube

OLE Exploit

The OLE exploit is detailed here: #OLEOutlook - bypass almost every Corporate security control with a point’n’click GUI.

To mitigate this issue (and any new ones that crop up) you can configure Outlook to hide OLE attachments using group policy or setting a registry key.

Outlook 2016

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\security
DWORD: ShowOLEPackageObj
Value: 0

Outlook 2013

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Outlook\security
DWORD: ShowOLEPackageObj
Value: 0

Outlook 2010

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\security
DWORD: ShowOLEPackageObj
Value: 0

Outlook 2007

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\security
DWORD: ShowOLEPackageObj
Value: 0

More Information

Microsoft Security Bulletin MS15-131 - Critical

BadWinMail Exploit was last modified: February 14th, 2018 by Diane Poremsky

Related Posts:

  • Outlook Folder Homepages are missing
  • Disable the Unsafe Hyperlink Warning when Opening Attachments
  • Embedded Objects are Blocked in Outlook Items
  • Use Outlook's Contacts, not Contact Cards

About Diane Poremsky

A Microsoft Outlook Most Valuable Professional (MVP) since 1999, Diane is the author of several books, including Outlook 2013 Absolute Beginners Book. She also created video training CDs and online training classes for Microsoft Outlook. You can find her helping people online in Outlook Forums as well as in the Microsoft Answers and TechNet forums.

2
Leave a Reply

2500
Photo and Image Files
 
 
 
Audio and Video Files
 
 
 
Other File Types
 
 
 
2500
Photo and Image Files
 
 
 
Audio and Video Files
 
 
 
Other File Types
 
 
 

  Subscribe  
newest oldest most voted
Notify of
pcunite
pcunite

Wow,
Thank you for the information. Perhaps you should create an "Outlook Hardening" article. I just want to use it to read email!

Vote Up1-1Vote Down Reply
February 18, 2016 9:28 pm
Diane Poremsky
Diane Poremsky

Good idea. :)

Most users are at low risk from these kinds of exploits but it just takes one silly mistake...

Vote Up2-2Vote Down Reply
February 19, 2016 12:56 am

Visit Slipstick Forums.
What's New at Slipstick.com

Latest EMO: Vol. 24 Issue 3

Support Services

Do you need help setting up Outlook, moving your email to a new computer, migrating or configuring Office 365, or just need some one-on-one assistance?

Subscribe to Exchange Messaging Outlook






Our Sponsors

  • Popular
  • Latest
  • Week Month All
  • Adjusting Outlook's Zoom Setting in Email
  • The Signature or Stationery and Fonts button doesn't work
  • Security Certificate Warning in Microsoft Outlook
  • This operation has been cancelled due to restrictions
  • How to Remove the Primary Account from Outlook
  • Two Copies of Sent Messages in Outlook
  • iCloud error: Outlook isn't configured to have a default profile
  • Outlook's Rules and Alerts: Run a Script
  • Outlook is Not Recognized as the Default Email Client
  • Outlook and Gmail's Less Secure Apps Setting
  • Outlook.com: Manage Subscriptions
  • Group By Views don’t work in To-Do List
  • Category shortcuts don’t work
  • How to disable the Group By view in Outlook
  • Adjusting Outlook's Zoom Setting in Email
  • Change the Subject of an Incoming Message
  • Creating Signatures in Outlook
  • Scheduling a Recurring Message
  • OneNote is missing from Office 365 / 2019
  • Create Rules using PowerShell
Ajax spinner

Newest VBA Samples

Adjusting Outlook's Zoom Setting in Email

Move email items based on a list of email addresses

Remove prefix from Gmail meeting invitations

How to hide LinkedIn, Facebook, Google and other extra contact folders in Outlook.com

Use VBA to create a Mail Merge from Excel

Open multiple Outlook windows when Outlook starts

Set most frequently used Appointment Time Zones

How to change the From field on incoming messages

VBA: File messages by client code

Update Contact Area Codes

Recent Bugs List

Microsoft keeps a running list of issues affecting recently released updates at Fixes or workarounds for recent issues in Outlook for Windows.

Windows 10 Issues

  • iCloud, Outlook 2016, and Windows 10
  • Better Outlook Reminders?
  • Coming Soon to Windows 10: Office 365 Search
  • Outlook Links Won’t Open In Windows 10
  • BCM Errors after Upgrading to Windows 10
  • Outlook can’t send mail in Windows 10: error Ox800CCC13
  • Missing Outlook data files after upgrading Windows?

Outlook 2016 Top Issues

  • The Windows Store Outlook App
  • Emails are not shown in the People Pane (Fixed)
  • Calendars aren’t printing in color
  • The Signature or Stationery and Fonts button doesn’t work
  • Outlook’s New Account Setup Wizard
  • BCM Errors after October 2017 Outlook Update
  • Excel Files Won’t Display in Reading Pane
  • Outlook 2016: No BCM
  • Exchange Account Set-up Missing in Outlook 2016

Repair PST

Convert an OST to PST

Repair damaged PST file

Repair large PST File

Remove password from PST

Merge Two Data Files

Sync & Share Outlook Data

  • Share Calendar & Contacts
  • Synchronize two computers
  • Sync Calendar and Contacts Using Outlook.com
  • Sync Outlook & Android Devices
  • Sync Google Calendar with Outlook
  • Access Folders in Other Users Mailboxes
  • “Live” Group Calendar Tools

Convert to / from Outlook

  • Converting Messages and Calendar or
    Address books
  • Moving Outlook to a New Computer
  • Moving Outlook 2010 to a new Windows computer
  • Moving from Outlook Express to Outlook

Recover Deleted Items

  • Recover deleted messages from .pst files
  • Are Deleted Items gone forever in Outlook?

Outlook 2013 Absolute Beginner's Guide

Diane Poremsky [Outlook MVP]

Make a donation

Calendar Tools

Schedule Management

Calendar Printing Tools

Calendar Reminder Tools

Calendar Dates & Data

Time and Billing Tools

Meeting Productivity Tools

Duplicate Remover Tools

Mail Tools

Sending and Retrieval Tools

Mass Mail Tools

Compose Tools

Duplicate Remover Tools

Mail Tools for Outlook

Online Services

Productivity

Productivity Tools

Automatic Message Processing Tools

Special Function Automatic Processing Tools

Housekeeping and Message Management

Task Tools

Project and Business Management Tools

Choosing the Folder to Save a Sent Message In

Run Rules on messages after reading

Help & Suggestions

Outlook Suggestion Box (UserVoice)

Slipstick Support Services

Contact Tools

Data Entry and Updating

Duplicate Checkers

Phone Number Updates

Contact Management Tools

Sync & Share

Share Calendar & Contacts

Synchronize two machines

Sharing Calendar and Contacts over the Internet

More Tools and Utilities for Sharing Outlook Data

Access Folders in Other Users Mailboxes

View Shared Subfolders in an Exchange Mailbox

"Live" Group Calendar Tools

Home | Outlook User | Exchange Administrator | Office 365 | Outlook.com | Outlook Developer
Outlook for Mac | Outlook BCM | Common Problems | Utilities & Addins | Tutorials
Outlook & iCloud Issues | Outlook Apps
EMO Archives | About Slipstick | Advertise | Slipstick Forums
Submit New or Updated Outlook and Exchange Server Utilities

Send comments using our Feedback page
Copyright © 2019 Slipstick Systems. All rights reserved.
Slipstick Systems is not affiliated with Microsoft Corporation.

You are going to send email to

Move Comment