The email does not even need to be opened for the attack to proceed.
Outlook is an email program used by many organizations. Mostphotos
Microsoft announced a serious vulnerability in its Outlook e-mail program. Cyber Security Center informed about it on Wednesday.
An attacker can activate the vulnerability by sending a certain type of email to the user. There is no need to open or preview the email. An email message creates a connection between the attacker and the victim.
The vulnerability enables the exploitation of credentials, which can be used to increase access rights and enable an NTLM Relay attack against another service. In an attack, the victim’s passwords and server credentials end up with the attacker.
You can find out if an organization has already been attacked using a script provided by Microsoft. You can find the script from here.
To fix the vulnerability, Microsoft has also released an update to Outlook that can be used to fix the vulnerability. You can find the update from here.