Microsoft Office – High Severity Vulnerability

Earlier this month Microsoft announced a High Severity vulnerability affecting Microsoft Office products. At the time, we contacted all of our contracted support customers to inform them of the vulnerability, and we rapidly deployed patches to workstations and servers to protect against it.

The ‘Microsoft Outlook Elevation of Privilege Vulnerability’ is a critical security flaw that affects all supported versions of Microsoft Outlook for Windows. It allows an attacker to steal the user’s credentials by sending a specially crafted email that triggers a connection to an external server controlled by the attacker. The attack is particularly nasty because the vulnerability can be exploited without any user interaction, even before the email is viewed in the preview pane. The attacker can then use the stolen credentials to authenticate with other services and gain access to the user’s network and data.

Microsoft released a security update to address this vulnerability and has advised users to apply the update as soon as possible. Microsoft has also reported that this vulnerability has been exploited in limited, targeted attacks. Organisations should ensure employees are aware of the vulnerability and know that they need to install the security patches available for Microsoft Office.

Users can check their Outlook version and update status by following the instructions here. Alternatively, there is a guide from Microsoft which explains how to update your versions of Office. We strongly recommend that you share this with your employees and ask them to apply the updates and restart their workstations ASAP to reduce the threat of this vulnerability.

Moving forward, clients of our new ‘secure+’ cyber monitoring and response service will receive priority critical patching as an inclusive part of the secure+ service. Please contact us if you would like more information.

Brochure: secure+ from ramsac

secure+ is a proactive cybersecurity monitoring service designed to hunt for signs of malicious activity or potential cyberbreach; ramsac then takes action to prevent damage from being done.
