Microsoft Outlook Vulnerability – March 2023

16 March, 2023

Dear KAUST Community,

As a follow-up to the IT Alert sent earlier today about the recently discovered ‘zero-day’ vulnerability in Microsoft Outlook, the Information Security Office would like to advise KAUST community members to apply updates to devices running Microsoft Outlook as soon as possible, since the vulnerability is being exploited in the wild.

The vulnerability requires no user interaction and can be triggered upon receipt of a malicious email, so it is executed before the email is read in the preview pane; this is what security researchers call a zero-click attack.

According to Microsoft, targeted attacks were carried out against several European organizations in government, transportation, energy, and military sectors.

The good news is that the warning concerning this vulnerability coincides with the release of the latest security updates from Microsoft.

Check for and apply updates to Outlook manually:

To update Outlook manually, you can have Microsoft check online for any available updates and install them.

  1. Open Microsoft Outlook and click "File."
  2. In the navigation pane, click "Office Account."
  3. Click "Update Options."
  4. Click "Update Now."

Instructions to update:

KAUST Provided Windows Machines:

  • Let updates install, and restart your computer as soon as possible

Personal / BYOD Windows Machines: