Critical Security Vulnerability (9.8 CVSS Score) – Microsoft Outlook / 365

What do I need to know?

CVE-2023-23397 is a critical zero-day vulnerability in Microsoft Outlook / 365 that allows a remote attacker to compromise your system simply by sending you an email. No user interaction is required, and exploitation occurs before the message is even viewed in the preview pane. More information is available here.


What do I need to do?

You can manually update Microsoft Office to fix the vulnerability. If automatic updates are enabled on your devices, they will be fixed during Microsoft’s next patch window (usually the second Tuesday of every month).

If your PCs, laptops and tablets are managed by our Remote Monitoring and Management (RMM) service, you do not need to worry: we have been applying remediation, including the official Microsoft patch, across all of our client devices.

This vulnerability highlights the importance of devices being enrolled in an RMM Service. RMM allows us to very quickly react to security threats by identifying all affected devices and applying the appropriate remediation across all of our customers at once, rather than having to deal with each system one by one.

This is much quicker than relying on traditional methods such as Microsoft Automatic Updates, which will likely not fix the issue until Tuesday 11th April.

For more information on any of the above, please contact your Connect Systems Account Manager or get in touch with us here and we’ll be happy to help you.
