Microsoft Office – High Severity Vulnerability

Secure password entered on website Zero Trust

Earlier this month Microsoft announced there was a High Severity vulnerability affecting Microsoft Office products. At the time, we contacted all of our contracted support customers to inform of the vulnerability and we rapidly deployed patches to workstations and servers to protect against the vulnerability.

The ‘Microsoft Outlook Elevation of Privilege Vulnerability’  is a critical security flaw that affects all supported versions of Microsoft Outlook for Windows. It allows an attacker to steal the user’s credentials by sending a specially crafted email that triggers a connection to an external server controlled by the attacker. The attack was particularly nasty because the vulnerability can be exploited without any user interaction, even before the email is viewed in the preview pane. The attacker can then use the stolen credentials to authenticate with other services and gain access to the user’s network and data.

Microsoft released a security update to address this vulnerability, and has advised users to apply the update as soon as possible. Microsoft has also reported that this vulnerability has been exploited in limited, targeted attacks. Organisations should ensure employees are aware of the vulnerability and that they need to install these security patches available for Microsoft Office.  

Users can check their Outlook version and update status by following the instructions here. Alternatively there is a guide from Microsoft which explains how to update your versions of Office.  We strongly recommend that you share this with your employees and ask them to apply the updates and restart their workstations ASAP to reduce the threat of this vulnerability.

Moving forward, clients of new ‘Secure+’ cyber monitoring and response service will receive priority critical patching, as an inclusive part of the secure+ service. Please contact us if you would like more information.

Brochure: secure+ from ramsac

secure+ is a proactive cybersecurity monitoring service designed to hunt for signs of malicious activity or potential cyberbreach, ramsac then takes action to prevent damage from being done.

Related Posts

  • Data Protection and Innovation: The Role of the ICO Regulatory Sandbox in the UK

    Data Protection and Innovation: The Role of the ICO Regulatory Sandbox in the UK

    Cybersecurity

    In this blog, we'll explore the concept of the ICO Regulatory Sandbox and its objectives in the data protection landscape in the UK [...]

    Read article

  • What is a break glass account?

    What is a break glass account?

    Cybersecurity

    If you’re creating a business continuity plan, have you considered a break glass account? Learn what one is and how to create one here. [...]

    Read article

  • Cybersecurity vs cyber resilience – what is the difference?

    Cybersecurity vs cyber resilience – what is the difference?

    Cybersecurity

    What’s the difference between cybersecurity and cyber resilience, and how can you implement them? We cover this and more. [...]

    Read article

  • Celebrating 20 Years of Cybersecurity Awareness Month

    Celebrating 20 Years of Cybersecurity Awareness Month

    Cybersecurity

    October is Cybersecurity awareness month, follow us on LinkedIn or Twitter for daily tips on how you can protect your organisation against Cybercrime. [...]

    Read article

  • How much should businesses invest in cyber resilience? 

    How much should businesses invest in cyber resilience? 

    Cybersecurity

    In this blog we explore how much organisations should invest in cyber resilience to protect against cybercrime [...]

    Read article

  • The European Cyber Resilience Act explained – how it impacts your business

    The European Cyber Resilience Act explained – how it impacts your business

    Cybersecurity

    On the 15th of September 2022, the European Commission published its proposal for new regulation regarding cybersecurity requirements for products with digital elements (such as smart fridges, cameras, TVs [...]

    Read article