The cloud-security firm Avanan reported testing this flaw, called baseStriker, against Office 365, Office 365 with ATP and Safelinks, Office 365 with Proofpoint MTA, Office 365 with Mimecast MTA and Gmail and found only the Mimecast and Gmail are protected. Those using the other configurations are all vulnerable. Microsoft and Proofpoint have been informed, Avanan said.
ORIGINAL SOURCE: SC Magazine