Possible Outlook vulnerability

[krs]

Just came across this:

Microsoft vulnerability can strike before users open ‘malicious’ email: CSE centre - National | Globalnews.ca

The alert sent out Wednesday says the advisory from Microsoft was one of "several critical vulnerabilities" published by the company the day before.

globalnews.ca

I don't use Outlook and I have no idea if this is also an Outlook for Mac issue, but if you do use Outlook it's probably worthwhile to check this out in more detail.

 

[Randy B. Singer]

I don't use Outlook and I have no idea if this is also an Outlook for Mac issue, but if you do use Outlook it's probably worthwhile to check this out in more detail.

Fortunately, this is a Microsoft-only vulnerability. It goes back to the difference in security philosophies between Windows and MacOS. Windows allows random code to run within certain applications, like their e-mail program. Apple has always avoided such things for security reasons. That's why malicious e-mails have always been a very large problem for Windows and no problem whatsoever on the Mac.

https://www.cyber.gc.ca/en/alerts-a...-vulnerability-allowing-ntlm-credential-theft

To their credit, Microsoft was right on top of this. They have already pushed out an update to protect against this vulnerability. No update was required for the Mac version of Outlook:

https://www.cyber.gc.ca/en/alerts-a...y-advisory-march-2023-monthly-rollup-av23-146

 

[krs]

Thanks, Randy

Especially for the explanation why this is a Windows Outlook issue and not a Mac Outlook issue.

 

[Randy B. Singer]

Thanks, Randy

Especially for the explanation why this is a Windows Outlook issue and not a Mac Outlook issue.

It's always nice to remember why we all use Macs. One of the big reasons is that Apple takes security extremely seriously. Macs aren't invulnerable to malware, but they are several orders of magnitude less susceptible to it than Windows, and they are continually being made more and more secure.