Microsoft Office – High Severity Vulnerability

Secure password entered on website Zero Trust

Earlier this month Microsoft announced there was a High Severity vulnerability affecting Microsoft Office products. At the time, we contacted all of our contracted support customers to inform of the vulnerability and we rapidly deployed patches to workstations and servers to protect against the vulnerability.

The ‘Microsoft Outlook Elevation of Privilege Vulnerability’  is a critical security flaw that affects all supported versions of Microsoft Outlook for Windows. It allows an attacker to steal the user’s credentials by sending a specially crafted email that triggers a connection to an external server controlled by the attacker. The attack was particularly nasty because the vulnerability can be exploited without any user interaction, even before the email is viewed in the preview pane. The attacker can then use the stolen credentials to authenticate with other services and gain access to the user’s network and data.

Microsoft released a security update to address this vulnerability, and has advised users to apply the update as soon as possible. Microsoft has also reported that this vulnerability has been exploited in limited, targeted attacks. Organisations should ensure employees are aware of the vulnerability and that they need to install these security patches available for Microsoft Office.  

Users can check their Outlook version and update status by following the instructions here. Alternatively there is a guide from Microsoft which explains how to update your versions of Office.  We strongly recommend that you share this with your employees and ask them to apply the updates and restart their workstations ASAP to reduce the threat of this vulnerability.

Moving forward, clients of new ‘Secure+’ cyber monitoring and response service will receive priority critical patching, as an inclusive part of the secure+ service. Please contact us if you would like more information.

Brochure: secure+ from ramsac

secure+ is a proactive cybersecurity monitoring service designed to hunt for signs of malicious activity or potential cyberbreach, ramsac then takes action to prevent damage from being done.

Related Posts

  • The importance of cybersecurity contingency planning for businesses

    The importance of cybersecurity contingency planning for businesses

    Cybersecurity

    Protect your data from cybercriminals and minimise downtime with an effective cybersecurity contingency plan. Read on. [...]

    Read article

  • How to Spot a Scam HMRC Letter 

    How to Spot a Scam HMRC Letter 

    Cybersecurity

    Learn how to spot fraudulent communications, like fake HMRC letters, and take steps to protect your personal information and finances from scammers. [...]

    Read article

  • What is Data Loss Prevention (DLP)?

    What is Data Loss Prevention (DLP)?

    CybersecurityTechnical Blog

    Explore how Data Loss Prevention (DLP) strategies and tools protect sensitive data, ensure regulatory compliance, and mitigate risks from insider threats, enabling organisations to stay secure and resilient in [...]

    Read article

  • AI-Driven Threat Detection and Response

    AI-Driven Threat Detection and Response

    AICybersecurityTechnical Blog

    This blog explores how AI-driven cybersecurity is transforming threat detection and response with real-time, adaptive defenses against evolving cyber threats. [...]

    Read article

  • Why you should invest in Cybersecurity Consultancy

    Why you should invest in Cybersecurity Consultancy

    Cybersecurity

    n an increasingly complex cyber threat landscape, investing in cybersecurity consultancy is essential to protect your business from potential risks and ensure long-term resilience. [...]

    Read article

  • Everything you need to know about the transition to ISO 27001:2022 

    Everything you need to know about the transition to ISO 27001:2022 

    Cybersecurity

    This blog explains the essential steps and timeline for transitioning from ISO 27001:2013 to ISO 27001:2022, ensuring your organisation maintains its certification before the October 2025 deadline. [...]

    Read article

Quiz yourself

Are you more cyber savvy than an 11 year old?

11-14 year olds get asked these questions in school. Could you get these right?