A critical vulnerability (CVE-2023-23397) has been identified in all versions of Microsoft Outlook for Windows.
This vulnerability can be exploited when a threat actor delivers a specially crafted message to a user via email. This message can leak password information of the user to the untrusted network which an attacker can then gain access to and authenticate as the user.
Microsoft has released a security update for Microsoft Outlook for Windows that is required to address this vulnerability. To address this vulnerability, you must install the Outlook security update, regardless of where your mail is hosted (e.g., Exchange Online, Exchange Server, some other platform).
We strongly recommend that you review your patching status and update to the latest version immediately. Additionally, it is recommended that you block outbound SMB traffic (Ports 139 and 445).
These links provide detailed instructions on how to apply the security update for Microsoft Outlook for Windows to address CVE-2023-23397:
• Microsoft Security Update Guide: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
• Microsoft Update: https://support.microsoft.com/en-us/office/update-office-with-microsoft-update-f59d3f9d-bd5d-4d3b-a08e-1dd659cf5282
• Install Office Updates: https://support.microsoft.com/en-us/office/install-office-updates-2ab296f3-7f03-43a2-8e50-46de917611c5
If you are worried about the security of your pharmacy systems and want to know how you can manage vulnerabilities like this automatically, speak to your Customer Success Manager or contact us on 1300 669 865.