Proofpoint Enterprise Protection
cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:*:*:*
- < 8.18.6 patch 5110
- < 8.20.6 patch 5134
- < 8.21.0 patch 5112
- < 8.22.0
A vulnerability exists in Proofpoint Enterprise Protection's attachment scanning feature, allowing an unauthenticated remote attacker to bypass attachment scanning policies. This is achieved by sending a malicious S/MIME attachment with an opaque signature. When the attachment is opened by a recipient using a downstream email client, it could lead to a partial loss of integrity and confidentiality on their system.
Exploitation of this vulnerability could result in a bypass of attachment scanning policies, allowing malicious S/MIME attachments to be delivered to users' inboxes. When these attachments are opened, they could cause a partial loss of integrity and confidentiality on the user's system.
Proofpoint has released patches for this vulnerability. On-premises customers running a supported version that automatically deploys releases do not need to take any action, as the fix has already been applied. Those in environments that manually apply releases should install the latest patch. Customers running an end-of-life version should upgrade to a supported release.
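For hosts still waiting on the patch, one way to triage stored or quarantined mail for the message shape described above is to flag parts that declare an opaque S/MIME signature. This is an added example, not Proofpoint code: it uses the RFC 8551 media types (`application/pkcs7-mime` with `smime-type=signed-data`), and the function name, labels and sample message are constructed for illustration. It only classifies MIME headers; it does not unwrap or verify the CMS payload.

```python
from email import message_from_string

# S/MIME media types from RFC 8551, plus the legacy "x-" spellings.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def classify_smime(raw):
    """Return the sorted S/MIME labels found anywhere in a raw message."""
    found = set()
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype in PKCS7_MIME:
            # smime-type separates signed-data (opaque) from enveloped-data etc.
            kind = str(part.get_param("smime-type") or "").lower()
            found.add("opaque-signed" if kind == "signed-data"
                      else kind or "pkcs7-mime-untyped")
        elif ctype == "multipart/signed":
            # Detached (clear-signed): content stays visible as a normal part.
            proto = str(part.get_param("protocol") or "").lower()
            if proto in PKCS7_SIG:
                found.add("detached-signed")
        elif (part.get_filename() or "").lower().endswith(".p7m"):
            # Generic media type but a .p7m name: still worth a second look.
            found.add("p7m-by-filename")
    return sorted(found)

# Constructed sample; the base64 body is a placeholder, not real CMS data.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="m1"

--m1
Content-Type: text/plain

see attached
--m1
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64

AAAA
--m1--
"""

if __name__ == "__main__":
    print(classify_smime(SAMPLE))
```

Messages labelled `opaque-signed` or `p7m-by-filename` that arrived before the patch was applied are the ones to re-scan with the fixed release.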