Microsoft Outlook new e-mail exploit

Share This Post

We are contacting you about a recently published and critical security vulnerability (CVSS 9.8 – CVE-2023-23397). This zero-day vulnerability affects Microsoft Outlook. Please note that this vulnerability does not affect Outlook for MacOS/iOS or Android. Only Windows users are affected.

What is this all about?

This vulnerability allows the attacker to steal a user’s credentials by sending a malicious email to the victim. It get even worse because processing the e-mail by Outlook is enough, so you don’t need to open the mail. This is called a no-user-interaction required exploit.

This is also confirmed by Microsoft and a patch is already out!

How do I update / patch my Outlook?

Follow this steps to update the Outlook client.

  1. Go to Outlook click on File > Office Account > About Outlook
    The version must be higher than 2301.

If the version is not higher than 2301 then update the Office Outlook client, follow the steps to update it.

  1. Go to Outlook click on File > Office Account > Update options
    The installation will start automatically and update the outlook client, in the meantime you can keep on working.

Sources

More To Explore

Azure Security: A comprehensive overview

As organizations continue to embrace cloud computing, securing digital assets in the cloud has become a top priority. Microsoft Azure, one of the leading cloud

What is Cloud Security?

Welcome to the world of Cloud Security! Or better Hybrid-Cloud Security. If you’ve ever wondered how your data stays safe as it floats around in