Look out, Outlook

Written by:
Hyve
Date Posted:
12 April 2018
Category:
Security

Ah, Patch Tuesday. Everyone’s favourite time of the week. This Tuesday’s patchfest included a fix for Outlook where if you previewed a sneaky RTF email from Naughty People you could get totes pwned.

The issue is that Outlook decided it would be a smart idea, when previewing an email, to automatically fetch any remotely hosted Object Linking and Embedding (OLE) content.

If that content was hosted on an SMB/CIFS server, the mail client would authenticate itself to that server.

If the aforementioned SMB server was in the hands of the Naughty People, then they would instantly get hold of your login username and (hashed, but not salted) password. You had to do nothing except preview the email.

Realistically, most Outlook users are not likely to have much of a password, so it wouldn’t have been too much effort to deal with the hash.

The vulnerability was initially reported in 2016 by Will Dormann of CERT and yes, your maths is right. It’s taken MS 18 months to sort.

However, the patch doesn’t really fix everything. If you want to lock your doors, then obviously run the patch (d’oh) and then block SMB connections by blocking ports 445/tcp, 137/tcp and 139/tcp, along with 137/udp and 139/udp. Nice.
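The port list above is the kind of thing that gets typed once and forgotten, so here is one way to apply it as outbound Windows Firewall rules on a client machine. This is an added example and is not code from the Hyve post; the rule names, the description text and the choice to apply the rules only to the Public and Private profiles (so file shares on a domain network keep working) are assumptions you should adapt to your own environment. Run it from an elevated PowerShell session.

```powershell
# Added example (not from the original post): block outbound SMB/NetBIOS from a
# Windows host so a mail client cannot be coaxed into authenticating to an
# external SMB server. Rule names and the profile scope are assumptions.

$rules = @(
    @{ Name = 'Block-Outbound-SMB-445-TCP';     Protocol = 'TCP'; Port = 445 },
    @{ Name = 'Block-Outbound-NetBIOS-137-TCP'; Protocol = 'TCP'; Port = 137 },
    @{ Name = 'Block-Outbound-NetBIOS-139-TCP'; Protocol = 'TCP'; Port = 139 },
    @{ Name = 'Block-Outbound-NetBIOS-137-UDP'; Protocol = 'UDP'; Port = 137 },
    @{ Name = 'Block-Outbound-NetBIOS-139-UDP'; Protocol = 'UDP'; Port = 139 }
)

foreach ($r in $rules) {
    # Idempotent: skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule '$($r.Name)' already present, skipping."
        continue
    }

    # Public and Private only (assumption): the Domain profile is left untouched so
    # that internal file shares on the corporate LAN are not broken. Blocking at the
    # network border is the complementary measure the post describes.
    New-NetFirewallRule -DisplayName $r.Name `
        -Direction Outbound `
        -Protocol $r.Protocol `
        -RemotePort $r.Port `
        -Action Block `
        -Profile Public,Private `
        -Description 'Blocks SMB/NetBIOS egress to untrusted networks (added hardening rule)' | Out-Null

    Write-Host "Created '$($r.Name)'."
}

# Verify what is now in place: list each rule with its protocol and remote port.
Get-NetFirewallRule -DisplayName 'Block-Outbound-*' |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, RemotePort
```

The verification step at the end is worth keeping: it confirms that all five protocol/port pairs from the post are present rather than relying on the script's own output.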

So yet again, we advise you to use a password manager and use it to create super strong passwords.
