Cybersecurity Notice!  Microsoft Outlook vulnerability opens mail server without user interaction

June 7, 2023

We have become aware of an unusually clever and problematic vulnerability that affects all users of Microsoft Outlook.  This vulnerability is being actively exploited by attackers. 

This vulnerability in Outlook permits the attacker to send a malicious calendar item to a recipient and can use the invitation message to control share-hosting on the Exchange server even if the recipient has not seen the message.  All supported versions of Microsoft Outlook for Windows are affected by this exploit regardless of whether you use Exchange or MS 365.  The unusually troubling fact about this attack is user interaction is not necessary for the exploit to be triggered.

Microsoft has issued a patch to address this issue in part.  However, more action is necessary on to close the path used by these attackers.  For its Clients, Deltec will be completing the following additional steps:

1.  Scan all on-premise Exchange and online-hosted Exchange servers (Microsoft 365) for previously received malicious calendar invitations, and

2.  Block outbound traffic from a particular port (TCP445/SMB) to prevent the possibility of sending malicious New Technology LAN Manager (NTLM) authentication messages from and to remote file shares.

More action may be necessary as we continue to evaluate ways to avoid using paths susceptible to this vulnerability.  Our commitment is to be proactive in protecting the business and workforce of our Clients.

Photo by Bermix Studio on Unsplash

About Deltec Solutions

Deltec Solutions is a Muncie-based business specializing in strategic Information Technology solutions for organizations.  As a trusted technology partner for small and mid-size organizations since 1990, Deltec Solutions helps clients with their technology needs in four areas: network infrastructure consulting and planning, cybersecurity hardening and training, business continuity planning, and remote desktop support.  Call us today and let us help you get the most of your technology investment.

Contacts

Scott Jordan, Founder and CTO | sajordan@deltecsolutions.com | 765-587-5101
Steve Davis, President and CEO| sdavis@deltecsolutions.com | 765-587-5136