Microsoft Outlook Flaw Could Allow Hackers to Steal your Login Credentials

Threat Highlight: Microsoft Outlook Flaw

A Microsoft Outlook vulnerability (CVE-2018-0950) could be exploited by hackers to steal your Windows login credentials just by convincing you to preview an email. This vulnerability was discovered nearly 18 months ago by security researcher Will Dormann of the CERT Coordination Center, and a partial patch was released by Microsoft this month. (Please note: this patch has been applied for all Aqueity clients.)

The flaw lies in the way Outlook renders remotely hosted OLE content when a Rich Text Format (RTF) email is previewed: it automatically initiates SMB connections to the server hosting that content.

“Outlook blocks remote web content due to the privacy risk of web bugs. But with a rich text email, the OLE object is loaded with no user interaction.” – wrote Dormann

So all the attacker has to do is send the victim an RTF email that contains a remotely hosted image file (OLE object) served from the attacker's server. Once you simply preview the email in your inbox, the connection is made and the attacker now has access to your sensitive info.

So, what can I do now to mitigate this vulnerability?
  • Apply the Microsoft patch if you haven’t done so already (AQUEITY CLIENTS: Please disregard this step as we have already applied the patch to your machines). We highly suggest you have your IT support company perform this patch update in order to avoid any issues. Feel free to reach out to us at any time if you need assistance.
  • As always, use complex passwords
  • As always, don’t ever click on suspicious links in emails. For a refresher, here are some social engineering red flags to look out for.