
There is no user interaction required to trigger this vulnerability.

Once Outlook receives this message, it initiates an NTLM authentication with this SMB share server. Microsoft will make a similar toggle available to Windows Insiders "in the coming weeks." An attacker can send an email to the victim with an extended MAPI (Microsoft Outlook Messaging API) property with a UNC (Universal Naming Convention, a string format that specifies the location of a resource) path to an attacker-controlled SMB (TCP 445) share. The Outlook app will also eventually be replacing the free built-in Mail and Calendar apps preinstalled in Windows. Microsoft says toggling between the two will result in "no data or email loss." Outlook for Windows users signed up for the Office Insider program will be able to try the new app by hitting a "try the new Outlook" toggle in the upper-right corner of the app window; hit the toggle again to return to the old Outlook app.

Today, Microsoft is taking another step toward that goal, with an updated preview for the new Outlook client that will be available to all Office Insiders in the Beta and Current channels. It was a step closer to something Microsoft has been working toward for a while: a unified Outlook client across all of its platforms, based on the design of the web version.

Earlier this year, Microsoft released a preview of a totally redesigned Outlook for Windows client.
