New Microsoft Office Vulnerability!

Mar 20, 2023 | News

Act now to secure your Microsoft Outlook!

Its not uncommon for Microsoft to release patches which tackle some scary sounding issues but the recently released patch for Outlook has raised the bar. The vulnerability this time has all the facets to be very bad!

Outlook is the most prevalent email client used around the world. It’s bundled with Microsoft 365 services but is often used by customers as part of the office suite even if they don’t use the cloud services. This vulnerability lets a remote and unauthenticated attacker breach systems simply by sending a specially crafted email that allows them to steal the recipient’s credentials. The recipient doesn’t even need to open the email! The attack gets triggered by Outlook processing the email as it connects to the server in the background. The email doesn’t even have to be opened in the preview pane!

This vulnerability was given a score of 9.8 out of 10 in the CVSS scale which highlights just how bad that issue is.

Patching is always important but the sheer risk and scale of this issue puts this at the top of any priority list.

There are also some mitigations which can be put in place such as blocking SMB traffic outbound. Whilst these are not a replacement for any patching they do help give a bit more time to ensure every outlook client is up to date.

VMhosts have already tackled all managed customers but if you are needing help getting on top of your patching or just want to take that stress away give us a call on 01223 919254.