Security News
Microsoft has addressed a known issue affecting Outlook for Microsoft 365 customers that prevented them from accessing group mailboxes and calendars using the Outlook desktop client. "A recent standard service update inadvertently contains an authentication code regression which is resulting in some users being unable to access or perform various Microsoft 365 group actions in the Outlook desktop client," the company described the issue under EX540503 in the Microsoft 365 admin center.
Microsoft is investigating an ongoing issue preventing some customers from using the search functionality across multiple Microsoft 365 services. The list of affected services includes but is not limited to Outlook on the Web, SharePoint Online, Microsoft Teams, and Outlook desktop clients.
The mid- to long-term outlook for the market has also been increased slightly - the five-year compound annual growth rate is now projected to be 5.2%, compared to the previous forecast of 4.9%. IDC has raised the growth projection despite a weak economic outlook largely because of stronger than expected vendor performances across the 2022 finish line, growth indicators from adjacent markets, increased government funding, and, to some extent, inflation impacts. The US market's actual growth in 2022 was adjusted up by almost 1.17 percentage points compared to the previous forecast and is now at 6.2%. The US software market's forecasted growth and hardware installed base also remain strong.
Microsoft is working on fixing an issue affecting some Outlook for Microsoft 365 customers and preventing them from accessing emails and their calendars. "After updating to Outlook Version 2303 Users may be unable to view or access Microsoft 365 group calendars and email messages in Outlook Desktop," the company said in a support document published on Thursday.
Microsoft on Friday shared guidance to help customers discover indicators of compromise associated with a recently patched Outlook vulnerability.Tracked as CVE-2023-23397, the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager hashes and stage a relay attack without requiring any user interaction.
Microsoft today published a detailed guide aiming to help customers discover signs of compromise via exploitation of a recently patched Outlook zero-day vulnerability. Microsoft also shared guidance on how to block future attacks targeting this vulnerability, urging organizations to install the recently released Outlook security update.
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email. The issue is a privilege escalation vulnerability with a 9.8 severity rating that affects all versions of Microsoft Outlook on Windows.
"The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client," Microsoft explained. While Microsoft doesn't provide any details about what kind of nefarious deeds attackers are doing after exploiting the bug - or how widespread attacks are - Zero Day Initiative's Dustin Childs advises: "Definitely test and deploy this fix quickly."
Microsoft has patched an Outlook zero-day vulnerability exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. Microsoft shared this info in a private threat analytics report seen by BleepingComputer and available to customers with Microsoft 365 Defender, Microsoft Defender for Business, or Microsoft Defender for Endpoint Plan 2 subscriptions.
Microsoft will soon fast-track multi-factor authentication adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. The company says in a new Microsoft 365 roadmap entry that users will be able to complete MFA requests for Microsoft 365 apps directly in the Outlook app via a new feature dubbed Authenticator Lite.