Unfortunately, Outlook may not be as secure as we users would like to think. According to a report published by the Carnegie Mellon Software Engineering Institute, Outlook comes with a security bug that could trigger password hash leaks when users preview Rich Text Format (RTF) emails that contain remotely hosted OLE objects.
Watch your Outlook password
This security vulnerability exists because the Redmond giant doesn’t use strict content verification and restrictions when loading items from a remote SMB server. By contrast, the same vulnerability cannot be exploited through web-hosted content, as Microsoft applies much stricter restrictions when dealing with this type of content: Outlook doesn’t load web-hosted images in emails, in order to protect users’ IP addresses. However, when users access RTF email messages that contain OLE objects loaded from a remote SMB server, Outlook does load the respective images. This leads to a series of leaks that include IP address, domain name, and more, as the report explains.
Microsoft partially fixes the problem
Microsoft recently rolled out a hotfix on Patch Tuesday to fix this security issue. Unfortunately, this solution is not 100% safe, as it fails to block all remote SMB attacks, so additional security measures are required. For example, admins can block specific TCP ports for all SMB sessions, and Outlook users should use complex passwords.
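Alongside those measures, a mail filter can flag the message type described above before it reaches a preview pane. The following is an added example, not code from the report or from Microsoft: a heuristic that decodes the hex `\objdata` of OLE objects in an RTF body and reports any `\\host\share` path it finds. The function names, the sample bytes and the hosts `192.0.2.10` and `files.example.test` are constructed for illustration.

```python
import re

# Hex payload of an RTF \objdata destination (digits may be wrapped across lines).
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
# \\host\share as single-byte text and as UTF-16LE text.
UNC_ASCII = re.compile(rb"\\\\([A-Za-z0-9][A-Za-z0-9.\-]*)\\([A-Za-z0-9._$\-]+)")
UNC_UTF16 = re.compile(
    rb"\\\x00\\\x00((?:[A-Za-z0-9.\-]\x00)+)\\\x00((?:[A-Za-z0-9._$\-]\x00)+)")


def remote_ole_targets(rtf: bytes) -> list[str]:
    """Return the UNC paths found inside OLE object data of an RTF body."""
    found = []
    for m in OBJDATA_RE.finditer(rtf):
        digits = re.sub(rb"\s+", b"", m.group(1))
        digits = digits[: len(digits) // 2 * 2]  # tolerate a truncated stream
        blob = bytes.fromhex(digits.decode("ascii"))
        for rx, enc in ((UNC_ASCII, "ascii"), (UNC_UTF16, "utf-16-le")):
            for u in rx.finditer(blob):
                host, share = (g.decode(enc) for g in u.groups())
                path = "\\\\" + host + "\\" + share
                if path not in found:
                    found.append(path)
    return found


def make_sample(path: bytes, wrap: bool = False) -> bytes:
    """Constructed test message: not a valid OLE stream, just bytes around a path."""
    digits = (b"\x01\x05\x00\x00" + path + b"\x00\x00").hex()
    if wrap:  # RTF writers usually break long hex runs across lines
        digits = "\r\n".join(digits[i:i + 16] for i in range(0, len(digits), 16))
    return b"{\\rtf1{\\object{\\*\\objdata " + digits.encode() + b"}}}"


if __name__ == "__main__":
    samples = {
        "ascii path": make_sample(rb"\\192.0.2.10\share"),
        "utf-16 path": make_sample(
            "\\\\files.example.test\\img".encode("utf-16-le"), wrap=True),
        "plain rtf": b"{\\rtf1 Hello}",
    }
    for name, body in samples.items():
        hits = remote_ole_targets(body)
        print(f"{name}: {'QUARANTINE ' + ', '.join(hits) if hits else 'ok'}")
```

A hit means the message carries an object that points at an SMB share; an empty result does not prove a message is clean, since this only inspects `\objdata` content.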