Security Alert - Critical Outlook for Windows vulnerability
Microsoft has published updates to Microsoft Outlook for Windows operating systems that includes an update for a critical security vulnerability. Patch as soon as possible. A critical-severity vulnerability exists in Microsoft Outlook for Windows that can allow an attacker to escalate privileges by sending a crafted message with a universal naming convention (UNC) path pointing to an attacker-controlled server message block (SMB) server on TCP port 445. No user interaction is required for the vulnerability to be exploited. Microsoft states there is known exploitation of this vulnerability. All currently supported versions of Microsoft Outlook for Windows are impacted: 2013, 2016, 2019, LTSC 2021, and Microsoft 365 Apps/Office 365 update channels. Microsoft Outlook for non-Windows platforms is not impacted by this vulnerability. For Certified Desktop customers: Many Microsoft Outlook for Windows clients have already automatically updated. Updates will be made available toda