Faculty & Staff

Microsoft has published updates to Microsoft Outlook for Windows operating systems that includes an update for a critical security vulnerability. Patch as soon as possible. A critical-severity vulnerability exists in Microsoft Outlook for Windows that can allow an attacker to escalate privileges by sending a crafted message with a universal naming convention (UNC) path pointing to an attacker-controlled server message block (SMB) server on TCP port 445. No user interaction is required for the vulnerability to be exploited. Microsoft states there is known exploitation of this vulnerability. All currently supported versions of Microsoft Outlook for Windows are impacted: 2013, 2016, 2019, LTSC 2021, and Microsoft 365 Apps/Office 365 update channels. Microsoft Outlook for non-Windows platforms is not impacted by this vulnerability. For Certified Desktop customers: Many Microsoft Outlook for Windows clients have already automatically updated. Updates will be made available toda

Because of a certificate issue, Spirion client applications are unable to make a connection to the central console. The clients are still functional, but are not reporting status or scan results to the console. The Cornell IT Security Office is working with CIT Desktop Engineering on a plan to push a new settings file to Windows clients and an updated client to Macs.