We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Windows Users Need to Update Outlook Immediately

Update now to patch a critical vulnerability.

Outlook running on a Windows PC
Hannah Stryker / Review Geek

Hackers are actively exploiting a critical escalation of privilege (EoP) vulnerability in Outlook, according to Microsoft. If you use Outlook on Windows, you need to update the email client today. Large organizations must consult Microsoft’s instructions to quickly mitigate this threat.

This zero-day vulnerability (CVE-2023-23397) is rated at 9.8 out of 10 on the CVSS scale, meaning that it’s both dangerous and easy to exploit. Details are a bit slim, but Microsoft explains that a specially-crafted email automatically triggers the exploit when it’s received by Outlook, without any interaction from the victim.

The exploit allows a hacker to access the victim’s Net-NTLMv2 hash. From there, the hacker can gain access to the victim’s network for further attacks or observation. A “Russia-based threat actor” has already utilized this exploit to target “organizations in government, transportation, energy, and military sectors in Europe.” (Notably, the vulnerability was first recognized and reported by Ukraine’s CERT security response team.)

A patch for this vulnerability is available in the latest Outlook update. I suggest that you manually update Outlook immediately on all Windows PCs in your home. To update Outlook, simply press the “File” tab, select “Microsoft Account” from the pop-out menu, click “Update Options,” and choose “Update Now.”

Large organizations may have a difficult time updating all instances of Outlook. For this reason, Microsoft lists several mitigation methods on its CVE listing. Microsoft also offers a PowerShell script that allows organizations to see if they’ve been targeted by this vulnerability.

Source: Microsoft via Forbes, Bleeping Computer

Andrew Heinzman Andrew Heinzman
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read Full Bio »