Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.
Category published:  Deployment GPO | Gruppenrichtlinien W10   Click on the Category button to get more articles regarding that product.

EFAIL and Microsoft GPO Policy Chaos

Posted by admin on 16.05.2018

Problem:

There is a man-in-the-middle leak where you can capture an E-Mail (Only if you have access to the flow) attach a content

And if the CLIENT does autoload (When you open the E-Mail) external pictures get content. Now this would not be too complicated if there where

No newsletters where people store large pictures external on webserver and the users want that active the moment the get the E-Mail.

Remember your Outlook.exe at home blocks the pictures and you have to manual download them with right click.

https://de.wikipedia.org/wiki/Efail

https://www.scmagazine.com/critical-pgpgpg-smime-email-encryption-vulnerabilities-revealed/article/765806/

From 2012 😉

https://www.slipstick.com/outlook/microsoft-service-agreement-virus-and-why-you-should-block-external-content/

The user wants’s it > IT does it. That’s why it’s called IT

https://social.technet.microsoft.com/Forums/en-US/a0b6afd0-8de3-4091-b4b9-2071daabe441/outlook-2016-not-displaying-all-images?forum=Office2016ITPro

Solution: check your GPO Policy and turn/change things. Remember by DEFAULT external content is NOT loaded.

New problem 😉

Sometimes when it comes to GPO’s you have to do a post doc in IT to understand this.

Is it now?

“Display pictures and external content in HTML e-mail”

Or should it be?

“Do not Display pictures and external content in HTML e-mail”

If you read the Description it says you have to enable > Then Outlook will NOT automatically download.

That is kind of confusing? Well no the people who write such things are developers and normally they are not normal.


 Category published:  Deployment GPO | Gruppenrichtlinien W10   Click on the Category button to get more articles regarding that product.