Security News

June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw and a RCE vulnerability in Microsoft Outlook. CVE-2024-30080 is a use after free flaw affecting Microsoft Message Queuing and can be exploited by unauthenticated attackers by sending a specially crafted malicious MSMQ packet to a MSMQ server.

Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. Affected customers will receive error messages stating, "Microsoft Outlook was not able to create a message with restricted permission" when trying to reply to messages using Microsoft encryption.

Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from...

Microsoft has rolled back a fix for a known Outlook issue that was causing incorrect security alerts when opening ICS calendar files after installing the December Outlook Desktop security updates. Affected Microsoft 365 users are seeing unexpected warnings that "Microsoft Office has identified a potential security concern" and that "This location may be unsafe" when double-clicking ICS files saved on their devices.

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening. ICS calendar files after installing the December 2023 Outlook Desktop security updates.

This is applications, so it is not because I've nuked state in a browser. It is applications for services for which I am paying money.

Microsoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts. Until the Outlook.com Team can address this newly acknowledged issue, Microsoft advises impacted users to add an Outlook.com alias to their accounts and email Gmail contacts using that alias.

Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. Exchange ActiveSync is a synchronization protocol used by Microsoft Exchange to allow users to access their email, calendar, contacts, and tasks.

Microsoft says remote unauthenticated attackers can trivially exploit a critical Outlook security vulnerability that also lets them bypass the Office Protected View.Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.

Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday. Unauthenticated attackers can exploit CVE-2024-21413 remotely in low-complexity attacks that don't require user interaction.