Look out, Outlook

Date Posted:
12 April 2018

Ah, Patch Tuesday. Everyone’s favourite time of the month. This Tuesday’s patchfest included a fix for Outlook where merely previewing a sneaky RTF email from Naughty People could get you totes pwned.

The issue is that Outlook decided it would be a smart idea, when previewing an RTF email, to automatically fetch any Object Linking and Embedding (OLE) object the message linked to, including objects hosted on a remote server.

If that content was hosted on an SMB/CIFS server, Windows would helpfully authenticate to it on your behalf, using its usual single sign-on, before you had clicked anything.

If the aforementioned SMB server was in the hands of the Naughty People, they would instantly get hold of your username and an NTLM challenge-response derived from your (unsalted) password hash, which can be cracked offline. You had to do nothing except preview the email.
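The mail itself is the thing you can inspect. As an added example (not code from the original post or from Hyve), here is a small scanner that pulls the hex-encoded `\*\objdata` payloads out of an RTF body, decodes them, and reports any UNC path (`\\host\share`) found inside, in either ASCII or UTF-16LE, together with whether the object is marked as an auto-updating link. The sample messages, the hostname `attacker.example.invalid` and the simplified objdata layout are all constructed for the demo; real OLE1 streams wrap the link source in more structure, but the UNC path still appears in them as a plain string.

```python
import binascii
import re

# Captures the hex payload of a {\*\objdata ...} group.
OBJDATA_RE = re.compile(rb"\\\*\\objdata\s*([0-9A-Fa-f\s]+)")
# UNC path (\\host\share) as ASCII and as UTF-16LE, the encoding OLE streams
# normally use for link monikers.
UNC_ASCII_RE = re.compile(rb"\\\\[A-Za-z0-9._-]+\\[^\x00-\x1f\\]+")
UNC_UTF16_RE = re.compile(
    rb"(?:\\\x00){2}(?:[A-Za-z0-9._-]\x00)+\\\x00(?:[^\x00\\]\x00)+"
)
# Control words marking the object as a link that the client will refresh.
AUTO_UPDATE_RE = re.compile(rb"\\(?:objautlink|objupdate)\b")


def _decode_hex(blob: bytes) -> bytes:
    hexdigits = re.sub(rb"\s+", b"", blob)
    if len(hexdigits) % 2:  # tolerate a truncated trailing nibble
        hexdigits = hexdigits[:-1]
    return binascii.unhexlify(hexdigits)


def _unc_targets(data: bytes) -> list:
    targets = [m.group(0).decode("ascii") for m in UNC_ASCII_RE.finditer(data)]
    targets += [m.group(0).decode("utf-16le") for m in UNC_UTF16_RE.finditer(data)]
    return targets


def scan_rtf(rtf: bytes) -> dict:
    """Report OLE objects in an RTF body whose data references a UNC path."""
    matches = list(OBJDATA_RE.finditer(rtf))
    targets = []
    for m in matches:
        targets.extend(_unc_targets(_decode_hex(m.group(1))))
    return {
        "objects": len(matches),
        "auto_update": bool(AUTO_UPDATE_RE.search(rtf)),
        "unc_targets": targets,
        "suspicious": bool(targets),
    }


def make_sample(link_source: bytes) -> bytes:
    """Constructed RTF for the demo: one linked OLE object whose objdata
    carries link_source. Layout is simplified; not a real OLE1 stream."""
    return (
        rb"{\rtf1\ansi Quarterly figures attached. "
        rb"{\object\objautlink\objupdate{\*\objclass Word.Document.8}"
        rb"{\*\objdata " + binascii.hexlify(link_source) + rb"}}}"
    )


# Constructed inputs (hostname is a placeholder, not a real server).
UNC = "\\\\attacker.example.invalid\\share\\report.rtf"
SAMPLE_ASCII = make_sample(UNC.encode("ascii"))
SAMPLE_UTF16 = make_sample(UNC.encode("utf-16le"))
SAMPLE_BENIGN = rb"{\rtf1\ansi Just text, no objects.}"

if __name__ == "__main__":
    for name, body in (("ascii", SAMPLE_ASCII),
                       ("utf16", SAMPLE_UTF16),
                       ("benign", SAMPLE_BENIGN)):
        print(name, scan_rtf(body))
```

The scanner is a triage aid, not a verdict: a UNC link in an OLE object is what makes the preview reach out to SMB, so anything flagged as `suspicious` with `auto_update` set deserves a look before it lands in anyone's preview pane, while a legitimate link to an internal file server will trip it too.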

Realistically, most Outlook users do not have a particularly strong password, so cracking what leaked would not have taken much effort.

The vulnerability was initially reported in 2016 by Will Dormann of CERT and yes, your maths is right. It’s taken MS 18 months to sort.

However, the patch doesn’t fix everything. It stops Outlook fetching the OLE object automatically on preview, but Windows will still happily authenticate to an attacker’s SMB server by other routes, such as a UNC link you click. So if you want to lock your doors, obviously run the patch (d’oh), then stop SMB leaving your network by blocking TCP 445, TCP 139 and UDP 137/138 outbound at the firewall. Nice.

So yet again, we advise you to use a password manager and let it generate super strong passwords.
