MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
security
Recherche

Dangerous security flaw found in Microsoft Outlook – go patch right now!

jeudi 11 juillet 2024, 16:09 , par PC World
Security researchers from Morphisec recently discovered a serious security hole in Outlook. Called CVE-2024-38021, this is a zero-click remote code execution (RCE) vulnerability that can allow unauthorized access to your system without a single click.

The issue apparently affects most Microsoft Outlook applications and doesn’t require any user authentication. In the worst-case scenario, CVE-2024-38021 can lead to potential data leaks, unauthorized access, execution of malicious code, and other dangers.

Related: Is Windows 11’s built-in antivirus enough for normal users?

The lack of user authentication makes this vulnerability particularly dangerous and a high priority to address. Microsoft itself initially categorized this vulnerability as “high” risk, but assumed that the vulnerability could only be exploited in certain cases.

But according to the security researchers, it’s recommended that this vulnerability should be considered “critical” and that it should be assumed that it’s already being actively exploited.

CVE-2024-38021 was first discovered at the end of April and reported by Morphisec. Confirmation from Microsoft followed a day later. But it took until July 9 for Microsoft to finally roll out a security patch, which was made available as part of the Tuesday updates.

What you need to do now

Since the assumption is that attackers are already exploiting this security hole, you should act quickly.




get windows 11 pro for cheap




Windows 11 Pro























Make absolutely sure that all Microsoft Outlook and Office applications on your systems are updated with the latest patches as soon as they’re available to you. Don’t put this off and risk forgetting about it.

It also makes sense to add additional security measures to your Outlook account, especially if you use it for business. It’s best to set up authentication and deactivate automatic email previews if possible.

Related: Microsoft Outlook update makes it easier to squash spam

Security Software and Services
Lire la suite sur PC World
https://www.pcworld.com/article/2393499/serious-security-vulnerability-discovered-in-outlook-why-you...

Voir aussi

security Security updates for Tuesday LWN.net23 Jul
microsoft CrowdStrike CEO summoned to explain epic fail to US Homeland Security TheRegister23 Jul
outlook FTC grabs controller as Microsoft jacks up Game Pass price by 81% TheRegister23 Jul
rsquo OpenMandriva ROME 24.07: A Linux-based alternative to Microsoft Windows 11 following Crowdstrike BSOD disaster BetaNews23 Jul
vulnerability Godeal24 : des réductions massives sur les clés de logiciels Microsoft ! Office 2021 Pro à seulement 28 € ! Génération-NT23 Jul
windows Microsoft: Linux Is the Top Operating System on Azure Today Slashdot23 Jul
dangerous Lessons learned from the Microsoft-CrowdStrike outage BetaNews22 Jul
cve- Microsoft pins Windows outage on EU-enforced ‘interoperability’ deal ComputerWorld22 Jul
should Why Business Internet Security Is Important for You ComputerWorld22 Jul
makes Security updates for Monday LWN.net22 Jul
authentication EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft TheRegister22 Jul
are Microsoft's CISPE settlement includes a suspension of audits for members TheRegister22 Jul
already Focusing open source on security, not ideology InfoWorld22 Jul
access Semantic Kernel: Diving into Microsoft’s AI orchestration SDK InfoWorld22 Jul
unauthorized Bethesda devient le premier studio Microsoft à se syndiquer entièrement GameKult22 Jul
security Curiosity rover is crushing it: Ran over a rock and found pure sulfur TheRegister22 Jul
microsoft Google, Oracle, Microsoft make their case for VMware migrations – HPE on the outer? TheRegister22 Jul
outlook Security updates for Friday LWN.net19 Jul
rsquo Workplaces plagued by risky security behavior BetaNews19 Jul
vulnerability Azure VMs ruined by CrowdStrike patchpocalypse? Microsoft has recovery tips TheRegister19 Jul
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
lun. 16 sept. - 21:02 CEST