Microsoft Office – High Severity Vulnerability

Secure password entered on website Zero Trust

Earlier this month Microsoft announced there was a High Severity vulnerability affecting Microsoft Office products. At the time, we contacted all of our contracted support customers to inform of the vulnerability and we rapidly deployed patches to workstations and servers to protect against the vulnerability.

The ‘Microsoft Outlook Elevation of Privilege Vulnerability’  is a critical security flaw that affects all supported versions of Microsoft Outlook for Windows. It allows an attacker to steal the user’s credentials by sending a specially crafted email that triggers a connection to an external server controlled by the attacker. The attack was particularly nasty because the vulnerability can be exploited without any user interaction, even before the email is viewed in the preview pane. The attacker can then use the stolen credentials to authenticate with other services and gain access to the user’s network and data.

Microsoft released a security update to address this vulnerability, and has advised users to apply the update as soon as possible. Microsoft has also reported that this vulnerability has been exploited in limited, targeted attacks. Organisations should ensure employees are aware of the vulnerability and that they need to install these security patches available for Microsoft Office.  

Users can check their Outlook version and update status by following the instructions here. Alternatively there is a guide from Microsoft which explains how to update your versions of Office.  We strongly recommend that you share this with your employees and ask them to apply the updates and restart their workstations ASAP to reduce the threat of this vulnerability.

Moving forward, clients of new ‘Secure+’ cyber monitoring and response service will receive priority critical patching, as an inclusive part of the secure+ service. Please contact us if you would like more information.

Brochure: secure+ from ramsac

secure+ is a proactive cybersecurity monitoring service designed to hunt for signs of malicious activity or potential cyberbreach, ramsac then takes action to prevent damage from being done.

Related Posts

  • Understanding the dangers of ‘Permission Creep’

    Understanding the dangers of ‘Permission Creep’

    Cybersecurity

    This blog post explains what permission creep is, how it can expose sensitive data to unauthorised users, and what steps an organisation can take to prevent permission creep. [...]

    Read article

  • Using cybersecurity training to reduce an organisation’s risk of a cyberattack.

    Using cybersecurity training to reduce an organisation’s risk of a cyberattack.

    Cybersecurity

    Cybersecurity training is an important tool for organisations to prevent and mitigate cyberattacks, we explore the types of training available to organisations. [...]

    Read article

  • The risks of ChatGPT, and the Rise of AI.

    The risks of ChatGPT, and the Rise of AI.

    Cybersecurity

    Artificial intelligence (AI) is a game-changing technology in this blog we explore the risks and benefits of using AI-powered language models such as ChatGPT [...]

    Read article

  • How secure is MFA based on SMS and Voice calls?

    How secure is MFA based on SMS and Voice calls?

    Cybersecurity

    In this blog ramsac's cybersecurity expert Voke Augoye explores how secure Multi-factor authentication is when using SMS and voice calls. [...]

    Read article

  • EDR, MDR, XDR, SIEM, SOC – understanding the jargon in cybersecurity monitoring

    EDR, MDR, XDR, SIEM, SOC – understanding the jargon in cybersecurity monitoring

    Cybersecurity

    The cybersecurity product market is full of acronyms which can make it hard to determine what security monitoring services you need, and what benefits you get from them, this [...]

    Read article

  • Introducing Secure+ from ramsac: Keeping a watchful eye on your IT estate

    Introducing Secure+ from ramsac: Keeping a watchful eye on your IT estate

    Cybersecurity

    We are thrilled to be launching secure+ our most significant product launch in over a decade. Secure+ is a proactive cybersecurity monitoring service designed to keep a watchful eye [...]

    Read article