Microsoft 365 anti-phishing feature can be bypassed with CSS

August 7, 2024 at 11:35AM Researchers discovered a method to hide the ‘First Contact Safety Tip’ in Microsoft 365, potentially increasing the risk of users opening malicious emails. Despite reporting the flaw to Microsoft, the tech giant decided not to address it at this time. The technique involves manipulating HTML and CSS to hide the …

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

June 12, 2024 at 12:45PM Microsoft addressed a critical remote code execution vulnerability in its June 2024 Patch Tuesday updates. Tracked as CVE-2024-30103, it allows attackers to create malicious DLL files and initiate execution when an affected email is opened in Outlook. This zero-click vulnerability can be exploited for initial access and requires immediate client …

New critical Microsoft Outlook RCE bug is trivial to exploit

February 14, 2024 at 05:02PM Microsoft has identified a critical security vulnerability in Outlook, CVE-2024-21413, that remote unauthenticated attackers can exploit to achieve remote code execution and steal NTLM credentials. The flaw bypasses Protected View and can be exploited through the Preview Pane, affecting multiple Office products. Check Point revealed a …

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

December 19, 2023 at 04:05PM Researchers disclosed two security vulnerabilities in Microsoft Outlook, which, when combined, allow attackers to execute arbitrary code on systems without any user interaction. The vulnerabilities can be triggered using a sound file. Akamai identified the flaws and Microsoft has issued patches, but additional vulnerabilities in the patches have also been …

Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE

December 19, 2023 at 03:39PM Akamai security researchers have disclosed multiple bypasses for Microsoft’s patches for an Outlook zero-click remote code execution vulnerability. The original issue, CVE-2023-23397, was exploited by a Russian state-sponsored threat actor, prompting Microsoft to release a patch in March 2023. Akamai identified other bypasses, which Microsoft has subsequently addressed in later …

Russian APT Used Zero-Click Outlook Exploit

December 8, 2023 at 10:18AM Russian threat actor APT28 is exploiting a no-interaction Outlook vulnerability in attacks across 14 countries. This was reported on SecurityWeek. …
