Critical security exploit in Outlook

Microsoft warns of a critical security exploiit in Outlook that is already being exploited by attackers. Manipulated e-mails can be used to pass on account access data to the attackers. It is sufficient that Outlook downloads the e-mails. It is not necessary to open the e-mails or view them in the preview.

Microsoft provides updates for Outlook, which should be installed immediately. The updates are also already distributed via the WSUS server of the GWDG.

The connection options used for data outbound (tcp/445 outbound for e.g. network drive connections) have been blocked in the GÖNET transition to the Internet until further notice to prevent data outflow.

Unfortunately, this measure cannot work for Outlook accesses from external, e.g. from the home office. Here only the installation of the updates helps. Therefore it is essential that all Outlook users update to the latest version immediately. If you have any questions, please do not hesitate to contact our support.