Executive Summary

    On June 11th, cybersecurity firm Morphisec published an article detailing a critical vulnerability in Microsoft Outlook. Successful exploitation of this vulnerability enables attackers to run arbitrary code by sending a specially crafted email; the exploit is triggered when the email is opened. 

    The vulnerability was discovered by Morphisec researchers Michael Gorelik and Shmuel Uzan, who pointed out that it is particularly dangerous for accounts using Microsoft Outlook's auto-open email feature, as execution begins as soon as an affected email is opened. A malicious actor could send a carefully constructed message to exploit the vulnerable Outlook software, allowing them to execute arbitrary code with the privileges of the currently logged-on user. This attack does not require any user interaction and is conducted over the network. 

    Given the ease of this attack, the severity of a successful exploit, and reports of active use by ransomware threat actors, Beazley Security believes that affected systems should be updated immediately. 

Affected Systems or Products

    The vulnerability affects the following Outlook versions: 

    • Microsoft Outlook 2016 (64-bit edition) 

    • Microsoft Outlook 2016 (32-bit edition) 

    • Microsoft Office LTSC 2021 for 32-bit editions 

    • Microsoft Office LTSC 2021 for 64-bit editions 

    • Microsoft 365 Apps for Enterprise for 64-bit Systems 

    • Microsoft 365 Apps for Enterprise for 32-bit Systems 

    • Microsoft Office 2019 for 64-bit editions 

    • Microsoft Office 2019 for 32-bit editions 

Patches

    Morphisec researchers worked closely with Microsoft, who released patches at the time of disclosure. 

How Beazley Security is responding

    Beazley Security is monitoring client perimeter devices discovered by our Attack Surface Management solution, Karma, to identify potentially impacted devices and to support organizations in remediating any issues found.