Security Alert: Urgent Outlook for Windows update
Date:
2024-02-15 13:48:00
Status:
Closed
Brief Description:
Microsoft has identified and fixed a critical vulnerability in all supported versions of Microsoft Outlook for Windows only. The vulnerability bypasses link protections and may lead to remote code execution. Patch now.
Current Status:
N/A
Services Affected:
Certified Desktop
Full Description:
Microsoft has identified and fixed a critical vulnerability in all supported versions of Microsoft Outlook for Windows only. The vulnerability bypasses link protections and may lead to remote code execution. The risk introduced by this vulnerability is greatest to those not on a Cornell University network and its associated protections. The vulnerability does not impact macOS, mobile, or web Outlook clients. Patch now.
For Certified Desktop customers:
Updates will be made available today, Thursday, February 15, 2024, with an installation deadline of 4:00 pm on Monday, February 19, 2024.
For users with unmanaged or personal computers:
Users with unmanaged or personal computers should apply the latest updates available. Updates to Microsoft Office may be managed directly through an Office application or through Windows Update. Refer to “Install Office updates” and “Update Windows” in References below.
Fully up-to-date and secure versions of Office for Windows should match one of the versions listed in “Release notes for Microsoft Office security updates” in References below.
See “About Office: What version of Office am I using?” in References below for how to check your version and build number.
References:
MSRC – Microsoft Outlook Remote Code Execution Vulnerability: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21413
Microsoft - Release notes for Microsoft Office security updates: https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
Microsoft – Install Office updates: https://support.microsoft.com/en-us/office/install-office-updates-2ab296f3-7f03-43a2-8e50-46de917611c5#ID0EBBBBF=Newer_versions
Microsoft – Update Windows: https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a
Microsoft - About Office: What version of Office am I using?: https://support.microsoft.com/en-us/office/about-office-what-version-of-office-am-i-using-932788b8-a3ce-44bf-bb09-e334518b8b19#OSVersion=Windows
BleepingComputer – New critical Microsoft Outlook RCE bug is trivial to exploit: https://www.bleepingcomputer.com/news/security/new-critical-microsoft-outlook-rce-bug-is-trivial-to-exploit/
For Certified Desktop customers:
Updates will be made available today, Thursday, February 15, 2024, with an installation deadline of 4:00 pm on Monday, February 19, 2024.
For users with unmanaged or personal computers:
Users with unmanaged or personal computers should apply the latest updates available. Updates to Microsoft Office may be managed directly through an Office application or through Windows Update. Refer to “Install Office updates” and “Update Windows” in References below.
Fully up-to-date and secure versions of Office for Windows should match one of the versions listed in “Release notes for Microsoft Office security updates” in References below.
See “About Office: What version of Office am I using?” in References below for how to check your version and build number.
References:
MSRC – Microsoft Outlook Remote Code Execution Vulnerability: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21413
Microsoft - Release notes for Microsoft Office security updates: https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates
Microsoft – Install Office updates: https://support.microsoft.com/en-us/office/install-office-updates-2ab296f3-7f03-43a2-8e50-46de917611c5#ID0EBBBBF=Newer_versions
Microsoft – Update Windows: https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a
Microsoft - About Office: What version of Office am I using?: https://support.microsoft.com/en-us/office/about-office-what-version-of-office-am-i-using-932788b8-a3ce-44bf-bb09-e334518b8b19#OSVersion=Windows
BleepingComputer – New critical Microsoft Outlook RCE bug is trivial to exploit: https://www.bleepingcomputer.com/news/security/new-critical-microsoft-outlook-rce-bug-is-trivial-to-exploit/
CIT TDX ID: