Homeland Security is urging organizations to patch a known Microsoft Outlook vulnerability, after hackers were spotted exploiting the flaw. Microsoft has admitted that its Outlook.com security breach was worse than the company initially revealed. The vulnerability is found in multiple versions of Outlook running on Windows, from Outlook 2010 to the latest Outlook 2019, as well as Office 365 ProPlus.
Cybercriminals are actively exploiting a vulnerability in the 2017 version of Microsoft Outlook, as a way to install malware on victims’ networks, according to a recent alert from the Department of Homeland Security Cybersecurity and Infrastructure Security Agency.
The CVE-2017-11774 vulnerability allows hackers to leave the Outlook sandbox and run malware and other malicious code on the rest of the operating system. SensePost discovered and reported the flaw to Microsoft in 2017, and the tech giant released a patch for the flaw in October of that year.
According to the SensePost analysis, the key defense against these attacks is patching. The Microsoft patch completely removes the feature that provides hackers with the means to launch the attacks. Strong network architecture and security practices, including multi-factor authentication and best practice passwords, can also strengthen defenses.
The current warning alerted all sectors that hackers are actively targeting the flaw to install access Trojans and other malware, and DHS CISA recommended that organizations immediately patch the flaw to prevent the nefarious activity. Once the correct password gives the hackers access, they install malware onto any device connected to the network.
Microsoft, DHS, and other security researchers are also currently urging organizations to patch another known vulnerability, BlueKeep, which they worry could cause another “WannaCry” ransomware attack, like in 2017.
These continued warnings should serve as a reminder to shore up these gaps. When patching can’t be performed in a timely manner, segmentation can at least keep vulnerable devices isolated from the main network. For this Outlook flaw, the use of multi-factor authentication could provide a roadblock between the hacker and the account by adding an extra layer of security. To read this article in its entirety, visit HealthITSecurity. For more information on patching Microsoft Outlook to protect your organization from vulnerabilities, contact Sandwire.