Microsoft Outlook Vulnerability: Action Required

Published: 16 March 2023

We have been notified of a new vulnerability that has been disclosed by Microsoft for Microsoft Outlook. This classification has a privilege escalation rating of 9.8 severity rating (out of 10). 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 

For those who have our patch management service, we are rolling out, or have already rolled out, the updates for this Common Vulnerabilities and Exposures (CVE), as this is critical. Any RDS servers that is patched may also be rebooted out of hours. 

Our advice is to use the Office365 Web version. Do not use the Outlook desktop app until you have updated your outlook client.  We appreciate this may not be possible and we are looking into ways we can mitigate this. 

 

Which versions are not compromised: 

Below are the versions of Office/Outlook that are not vulnerable. If your Office/Outlook is an older version than those mentioned below, then you need to have the patch applied. 

Current Channel: Version 2302 (Build 16130.20306)
Monthly Enterprise Channel: Version 2301 (Build 16026.20238)
Monthly Enterprise Channel: Version 2212 (Build 15928.20298)
Semi-Annual Enterprise Channel (Preview): Version 2301 (Build 16130.20306)
Semi-Annual Enterprise Channel: Version 2208 (Build 15601.20578)
Semi-Annual Enterprise Channel: Version 2202 (Build 14931.20944)
Office 2021 Retail: Version 2301 (Build 16130.20306)                            
Office 2019 Retail: Version 2302 (Build 16130.20306)
Office 2016 Retail: Version 2302 (Build 16130.20306)
Office LTSC 2021 Volume Licensed: Version 2108 (Build 14332.20481)
Office 2019 Volume Licensed: Version 1808 (Build 10396.20023) 

Microsoft Outlook 2016 (32-bit edition) 16.0.5387.1000
Microsoft Outlook 2013 Service Pack 1 (32-bit editions) 15.0.5537.1000
Microsoft Outlook 2013 RT Service Pack 1 15.0.5537.1000
Microsoft Outlook 2013 Service Pack 1 (64-bit editions) 15.0.5537.1000
Microsoft Outlook 2016 (64-bit edition)16.0.5387.1000 

You can check your version of office by going to file and office Account. 

MicrosoftTeams image (226)

How to update your Outlook

For your desktops / laptops you do have the option to update your outlook client yourself.

You can do this by going to File, Office Account and clicking Update Options, then Update.

Click Update options to update office.

Close any office Apps and click continue.

Once you open Outlook again you should be on the latest version.

If you have any questions or concerns please get in touch with your client account manager.

MicrosoftTeams image (226)
MicrosoftTeams image (228)
MicrosoftTeams image (229)
MicrosoftTeams image (230)
MicrosoftTeams image (231)

Read More

Digital Solutions Summit Newmarket: Recap 

30 October 2023

Our Digital Solutions Summit Newmarket took place on the 18th October. Here's a short recap on key topics which were covered.

Servers vs SaaS 

26 October 2023

Servers vs SaaS - our CTO Simon Barnes discusses the key differences between server based applications an SaaS.

NFP Technology Forum Belfast : Recap

13 October 2023

We hosted our NFP Technology Forum Belfast in the Grand Opera House on 11th October - find out what insights and topics you missed out on!

Not-For-Profit Technology Forum, Cambridge: Recap

25 September 2023

We hosted our not for profit technology forum in Cambridge this September. Learn more about the technology insights we covered.

IT Vendor Relationship Management  

15 September 2023

Read more...