We are contacting you about a recently published, critical security vulnerability (CVSS 9.8 – CVE-2023-23397). This zero-day vulnerability affects Microsoft Outlook. Please note that it does not affect Outlook for macOS, iOS or Android. Only Windows users are affected.
What is this all about?
This vulnerability allows an attacker to steal a user’s credentials by sending a malicious email to the victim. It gets even worse: it is enough for Outlook to process the email, so the victim does not need to open it. This is called a no-user-interaction exploit.
This is also confirmed by Microsoft and a patch is already out!
How do I update / patch my Outlook?
Follow these steps to check the version of your Outlook client.
- In Outlook, click File > Office Account > About Outlook
The version must be higher than 2301.
If the version is not higher than 2301, update the Office Outlook client as follows.
- In Outlook, click File > Office Account > Update options
The installation starts automatically and updates the Outlook client. In the meantime, you can keep working.