We have been notified of a new vulnerability that Microsoft has disclosed in Microsoft Outlook. It is classified as a privilege escalation vulnerability with a severity rating of 9.8 (out of 10).
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
For those who have our patch management service, we are rolling out, or have already rolled out, the updates for this CVE (Common Vulnerabilities and Exposures) entry, as it is critical. Any RDS servers that are patched may also be rebooted out of hours.
Our advice is to use the Office 365 web version. Do not use the Outlook desktop app until you have updated your Outlook client. We appreciate this may not be possible and we are looking into ways we can mitigate this.
Below are the versions of Office/Outlook that are not vulnerable. If your Office/Outlook is an older version than those mentioned below, then you need to have the patch applied.
Current Channel: Version 2302 (Build 16130.20306)
Monthly Enterprise Channel: Version 2301 (Build 16026.20238)
Monthly Enterprise Channel: Version 2212 (Build 15928.20298)
Semi-Annual Enterprise Channel (Preview): Version 2301 (Build 16130.20306)
Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20578)
Semi-Annual Enterprise Channel: Version 2202 (Build 14931.20944)
Office 2021 Retail: Version 2301 (Build 16130.20306)
Office 2019 Retail: Version 2302 (Build 16130.20306)
Office 2016 Retail: Version 2302 (Build 16130.20306)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20481)
Office 2019 Volume Licensed: Version 1808 (Build 10396.20023)
Microsoft Outlook 2016 (32-bit edition) 16.0.5387.1000
Microsoft Outlook 2013 Service Pack 1 (32-bit editions) 15.0.5537.1000
Microsoft Outlook 2013 RT Service Pack 1 15.0.5537.1000
Microsoft Outlook 2013 Service Pack 1 (64-bit editions) 15.0.5537.1000
Microsoft Outlook 2016 (64-bit edition) 16.0.5387.1000
You can check your version of Office by going to File, then Office Account.
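To check a machine without opening Outlook, the installed Click-to-Run build can be compared against the list above. The PowerShell below is an added example, not part of the original notice or a Microsoft tool; the function name is hypothetical, it assumes a Click-to-Run install that records its version in the VersionToReport registry value, and it does not cover the MSI-based Outlook 2013/2016 builds.

```powershell
# Added example: compare a Click-to-Run Office version with the fixed builds
# listed in this notice. Keys are the build number (third field of
# 16.0.BUILD.REVISION); values are the first fixed revision for that build.
$FixedBuilds = @{
    16130 = 20306   # Current Channel 2302; Retail 2021/2019/2016
    16026 = 20238   # Monthly Enterprise Channel 2301
    15928 = 20298   # Monthly Enterprise Channel 2212
    15601 = 20578   # Semi-Annual Enterprise Channel 2208
    14931 = 20944   # Semi-Annual Enterprise Channel 2202
    14332 = 20481   # Office LTSC 2021 Volume Licensed 2108
    10396 = 20023   # Office 2019 Volume Licensed 1808
}

# Hypothetical helper name. Returns $true when the version is at or above
# the fixed build for its channel, $false when it still needs the patch.
function Test-OfficeBuildFixed {
    param([Parameter(Mandatory)][string]$Version)

    $v = [version]$Version
    if ($FixedBuilds.ContainsKey($v.Build)) {
        # Same build line as a listed channel: compare the revision.
        return $v.Revision -ge $FixedBuilds[$v.Build]
    }
    # Build not listed: anything newer than the newest listed build was
    # released after the fix; anything older needs updating.
    $newest = ($FixedBuilds.Keys | Measure-Object -Maximum).Maximum
    return $v.Build -gt $newest
}

# Assumption: Click-to-Run installs store their version in this value.
$key = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
$installed = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).VersionToReport

if ($installed) {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Version  = $installed
        Fixed    = Test-OfficeBuildFixed -Version $installed
    }
} else {
    Write-Warning 'No Click-to-Run Office install found; check File > Office Account instead.'
}
```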
For your desktops / laptops, you do have the option to update your Outlook client yourself.
You can do this by going to File, Office Account and clicking Update Options, then Update.
Click Update Options to update Office.
Close any Office apps and click Continue.
Once you open Outlook again you should be on the latest version.
If you have any questions or concerns, please get in touch with your client account manager.