We want to inform you of a critical security issue affecting Microsoft Outlook/365 applications.
This vulnerability, known as CVE-2023-23397, is being exploited by cybercriminals and requires immediate attention. Simply put, attackers can gain unauthorized access to your systems and steal sensitive information just by sending a specially crafted email.
The concerning part is that you don't even need to open the email for the attack to take place. It happens automatically when the email is processed by your Outlook application. This affects nearly every version of Microsoft’s incredibly popular email client, Outlook, different versions of Microsoft 365 Apps for Enterprise, and Office 2013, 2016, and 2019.
Our team is working diligently to apply the necessary security patches and implement recommended safeguards to protect your systems. Microsoft has provided measures to help mitigate the risk, and we are taking every necessary step to ensure your data remains secure.
To ensure our clients have the current version of office, we ask that you take the following steps immediately:
From within one of the Office applications (Outlook, Word, or Excel), click on FILE and then select OFFICE ACCOUNT.
Under OFFICE UPDATES, find UPDATE OPTIONS, then click UPDATE NOW.
Please do not hesitate to reach out if you would like to discuss the risks and remediations we plan to implement moving forward.
Dedicated to your security,
Chuck Poole, CISSP
PalmTech Computer Solutions