
Microsoft Outlook security flaws you need to patch now

If you are one of the more than a billion users of Microsoft Office, you’re most certainly familiar with Outlook. Microsoft Outlook is the default email, calendar and contacts application typically bundled with Office installations. Check your Windows computer now – if you have Office, chances are it’s already installed.

If you do have Outlook, please be aware that Microsoft quietly patched the program recently for two security vulnerabilities, which can allow an attacker to take control of your computer.

Microsoft usually bundles its software security patches together on the second Tuesday of each month (Patch or Update Tuesdays), but these patches were deemed critical enough to be pushed out early.

Microsoft Outlook security flaws

The first security flaw is a memory corruption vulnerability (CVE-2017-8663) that could allow an attacker to execute code and take over a computer via a poisoned email.

The memory corruption flaw requires a user to open a specially crafted file with an affected version of Microsoft Outlook. It could be exploited in an email attack scenario by sending a specially crafted file to the user and then convincing the user to open the file.

“The security update addresses the vulnerability by correcting the way that Microsoft Outlook parses specially crafted email messages,” Microsoft wrote in the security advisory.

The second security issue is an information disclosure flaw (CVE-2017-8572) that can be exploited by an attacker to steal data from a computer with a specially crafted Office file.

“To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created,” Microsoft warned.

All supported versions of Office and Outlook are affected, including Outlook 2007, 2010, 2013 and 2016.

Thankfully, Microsoft said that neither flaw has been publicly exploited and that there are no reported attacks using the bugs, but it is recommended that Office users update their installations as soon as possible.

For directions on how to update your Microsoft Office version, please refer to this Microsoft Office Support Page.
