Latest Alerts

Microsoft Outlook Vulnerability

Microsoft has released a recent advisory regarding a critical security vulnerability affecting Windows systems (Servers and Endpoints) using Microsoft Outlook CVE-2023-23397.

Summary

Microsoft has issued a recent advisory regarding a critical security vulnerability affecting Windows systems (Servers and Endpoints) using Microsoft Outlook CVE-2023-23397.

This CRITICAL Vulnerability allows Cyber Criminals to steal credentials of Microsoft Outlook users with minimal complexity or effort. This vulnerability can be exploited by sending an email to a target user but does not require that user to open the email. It poses a dire threat to vulnerable organizations, as Cyber Criminals can repeatedly execute this attack and commandeer user accounts while the user is completely unaware.

Impact to Services

All customers with supported versions of Microsoft Outlook application for Windows are affected. Outlook for Mac, iOS or Android, or Outlook on the web are not affected.

Actions

To protect your organization, Microsoft and BOXX Hackbusters recommends that all organizations install the latest security patch for Microsoft Outlook immediately. To do this yourself you should do the following:

Open Outlook
Click on the File menu
Click on Office Account (some older versions may just say Account)
Click on Update Options
Select Update Now

If your organization usually manages updates, please verify with your IT Service Desk and ensure that they update all impacted systems.

Cyber Tips

5 crisis communications tips that work

Those that have been confronted with this reality realize that responding to a cyber attack is very different from other types of corporate crisis – strong and clear communication from the front line becomes vital.