Yesterday, Microsoft released a statement on a new extremely critical vulnerability affecting Microsoft Outlook on Windows machines, which they assigned a severity score of 9.8 out of 10.
This is a severe unpatched exploit that is being exploited in the wild.
What makes this exploit so dangerous is that it only requires the email to be received, and it can/will run even if a user never clicks on it or reads it. In layman’s terms, if your Outlook software client simply receives the malware email, your password will essentially be stolen.
This vulnerability is unlike the usual email security exploits of the past which required the user to open the email, or to click a link or attachment to run.
Now, it’s basically a race to get the update installed before you receive one of these malware emails – and they will be coming soon – so the sooner you act the better.
I use the Microsoft Outlook client to access my email – what should I do?
Fortunately, Microsoft has released a patch for this vulnerability (CVE-2023-23397) via the Office Update mechanism.
This is very serious and important – please stop what you are doing ASAP and take a moment to update your Office apps on Windows machines.
We also encourage you to do this on any personal Windows machines, and to encourage family and friends to do the same – ASAP.
Please see below for additional info and the simple remediation steps.
How to Update Office Apps on your Windows PC
GenCare customers that have Microsoft InTune device management for their computers will automatically see this update pushed out and the issue resolved.
However, if your company isn’t using InTune (or you are a home user) please take the below steps to be sure that your Office Apps have the latest update:
1. Save your work in the Office Apps (Outlook, Word, Excel, PowerPoint)
2. In any of those apps, click on FILE, then ACCOUNT (or OFFICE ACCOUNT if you opened Outlook)
3. Under PRODUCT INFORMATION, choose UPDATE OPTIONS > UPDATE NOW
Note – If for some reason updates are disabled, click on ENABLE UPDATES and then click UPDATE NOW
4. Close the “YOU’RE UP TO DATE!” window after Office is done updating.
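For anyone looking after several Windows PCs, the same check and update can be run from PowerShell. This is an added example, not part of the original notice or a Microsoft script; it assumes a Click-to-Run Office install, and the minimum build parameter is a placeholder you fill in from Microsoft's release notes for your update channel.

```powershell
# Added example: report the Office Click-to-Run update state, then start an update.
# Assumption: Office was installed with Click-to-Run (Microsoft 365 Apps / retail).
# MSI-based installs do not have this registry key.
param(
    # Placeholder: lowest build that Microsoft's release notes for your channel
    # list as containing the CVE-2023-23397 fix. Not taken from this page.
    [version]$MinimumFixedBuild
)

$cfgPath = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
$cfg = Get-ItemProperty -Path $cfgPath -ErrorAction SilentlyContinue
if (-not $cfg) {
    Write-Warning 'No Click-to-Run Office installation found on this machine.'
    return
}

$installed = [version]$cfg.VersionToReport
# UpdatesEnabled is stored as the string "True" or "False".
$updatesOn = ($cfg.UpdatesEnabled -eq 'True')

$needsUpdate = if ($MinimumFixedBuild) {
    $installed -lt $MinimumFixedBuild
} else {
    'unknown (no minimum build supplied)'
}

# One summary object per machine, easy to collect into a report.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    Installed      = $installed
    UpdatesEnabled = $updatesOn
    NeedsUpdate    = $needsUpdate
}

if (-not $updatesOn) {
    # Matches the note under step 3: updates must be enabled before UPDATE NOW works.
    Write-Warning 'Office updates are disabled. Enable them first, then update.'
    return
}

# Equivalent of FILE > ACCOUNT > UPDATE OPTIONS > UPDATE NOW.
$client = Join-Path $env:CommonProgramFiles 'Microsoft Shared\ClickToRun\OfficeC2RClient.exe'
if (Test-Path $client) {
    Start-Process -FilePath $client -ArgumentList '/update user' -Wait
} else {
    Write-Warning "Update client not found at $client"
}
```

Run it again after Office finishes updating to confirm the installed build has changed.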
What About Macs? I’m on Outlook for Mac, am I affected by this?
This exploit is only for Windows. However, you should take a minute to make sure that your Office for Mac apps are up to date as well, as you may or may not have auto-update configured.
From any Office for Mac app, click HELP in the top toolbar and then CHECK FOR UPDATES, then install the updates.
If it isn’t checked already, click the box that says AUTOMATICALLY KEEP MICROSOFT APPS UP TO DATE.
If you have questions, please contact us and our IT support team will be happy to assist you.