Outlook Archives - Securezoo

Microsoft March 2023 Security Updates Fixes 101 Vulnerabilities (9 Critical, 2 zero-days)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / March 14, 2023 / CVE-2023-21708, CVE-2023-23392, CVE-2023-23397, CVE-2023-23404, CVE-2023-23411, CVE-2023-23415, CVE-2023-23416, CVE-2023-24880, ICMP, Outlook, RCE, SmartScreen, Windows

The Microsoft March 2023 Security Updates includes patches and advisories for 101 vulnerabilities, including 9 Critical severity issues and two zero-days exploited in the wild.

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Authentication, Cybersecurity Attacks, Messaging Security / By Frank Crast / October 7, 2022 / authentication, basic auth, EAS, EWS, Exchange, Exchange Online, IMAP, Microsoft, Oauth, OAuth 2.0, Outlook, POP, RPS, SMTP

Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.

Attackers reverse Outlook vulnerability CVE-2017-11774 patch functionality

Endpoint Security, Vulnerabilities & Exploits / By Frank Crast / December 4, 2019 / APT33, APT34, CVE-2017-11774, FireEye, Outlook

Researchers at FireEye have spotted an uptick in active exploits of CVE-2017-11774, an Outlook security feature bypass vulnerability. Attackers are also actively reversing Outlook vulnerability patch functionality. To help protect against such exploits, FireEye has provided Outlook hardening guidelines.