We’re aware of a critical Microsoft Outlook privilege escalation vulnerability that is being actively exploited.
This vulnerability can be exploited by sending a specifically crafted email which triggers automatically when it is retrieved and processed by the Outlook client. No user interaction is required, making this a highly critical vulnerability.
It impacts all unpatched Microsoft Outlook for Windows (excluding Outlook for Mac, IOS and Android, Outlook web applications and Office 365 instances).
Available solution
Microsoft has released a security update to patch this vulnerability. Please apply the relevant patches to any impacted products. Please find more information on Microsoft Security Response Center, under Security Updates.
We also encourage schools with the impacted products to check if they have been previously targeted by using the Microsoft powershell script that can be found here.
If you have any questions or concerns please don’t hesitate to contact our Customer Support team on 0800 LEARNING.