Microsoft Office – High Severity Vulnerability

Secure password entered on website Zero Trust

Posted on March 30, 2023 by Louise Howland

Earlier this month Microsoft announced there was a High Severity vulnerability affecting Microsoft Office products. At the time, we contacted all of our contracted support customers to inform of the vulnerability and we rapidly deployed patches to workstations and servers to protect against the vulnerability.

The ‘Microsoft Outlook Elevation of Privilege Vulnerability’ is a critical security flaw that affects all supported versions of Microsoft Outlook for Windows. It allows an attacker to steal the user’s credentials by sending a specially crafted email that triggers a connection to an external server controlled by the attacker. The attack was particularly nasty because the vulnerability can be exploited without any user interaction, even before the email is viewed in the preview pane. The attacker can then use the stolen credentials to authenticate with other services and gain access to the user’s network and data.

Microsoft released a security update to address this vulnerability, and has advised users to apply the update as soon as possible. Microsoft has also reported that this vulnerability has been exploited in limited, targeted attacks. Organisations should ensure employees are aware of the vulnerability and that they need to install these security patches available for Microsoft Office.

Users can check their Outlook version and update status by following the instructions here. Alternatively there is a guide from Microsoft which explains how to update your versions of Office. We strongly recommend that you share this with your employees and ask them to apply the updates and restart their workstations ASAP to reduce the threat of this vulnerability.

Moving forward, clients of new ‘Secure+’ cyber monitoring and response service will receive priority critical patching, as an inclusive part of the secure+ service. Please contact us if you would like more information.

Brochure: secure+ from ramsac

secure+ is a proactive cybersecurity monitoring service designed to hunt for signs of malicious activity or potential cyberbreach, ramsac then takes action to prevent damage from being done.

Download brochure

July 15th, 2024

What is data theft and how do you prevent it?

Cybersecurity

In any size organisation, data theft can be a huge issue. From disgruntled employees to large scale cyberattacks, data theft can severely impact your business. According to a report [...]

Read article
July 9th, 2024

The true cost of a cyber breach

Cybersecurity

Understanding the true cost of a cyber breach is crucial, as it involves not only the immediate financial losses but also potential long-term impacts such as data loss, business [...]

Read article
May 1st, 2024

Inherent risk vs residual risk: What’s the difference?

Cybersecurity

Inherent risk and residual risk are key elements of any effective risk management process designed to strengthen cybersecurity defences and protect your company’s data. Read on. [...]

Read article
April 29th, 2024

What is cybersecurity monitoring? How important is it in 2024?

Cybersecurity

Cybersecurity monitoring is the continuous surveillance of digital systems to detect and respond to security threats and data breaches in real-time. Discover how cybersecurity monitoring software can protect your [...]

Read article
April 26th, 2024

Examples of sensitive data in your organisation

Cybersecurity

Any confidential information that’s stored, processed, or managed by an organisation or individual is classified as sensitive data. Read our sensitive data examples today. [...]

Read article
March 6th, 2024

How to set up a secure password policy in Microsoft 365

Cybersecurity

Discover the essentials of a robust password policy for cybersecurity in Microsoft 365. Learn what to include and what to avoid. Read the blog today. [...]

Read article