Hackers get past Microsoft Outlook vulnerability fix: 5 things to know

Cybercriminals and other hackers can still find ways around what Microsoft Outlook said was a fix for a vulnerability, according to Wired.

Here are five things to know:

1. In October 2017, Outlook disclosed a flaw in its Home Page feature that allowed a user's inbox to be exploited. The Home Page feature can function as a user's home screen; however, many users don't know the server exists because they open Outlook to their inboxes.

2. If a hacker gained a user's account credentials, they could exploit a flaw in Home Page and upload malicious content to the user's device.

3. Promptly in 2017, Microsoft released a patch for the flaw. The tech giant said the vulnerability was low severity, but nonetheless, the company said it had a fix.

4. For the patch, Microsoft tweaked the Home Page feature. The fix hid the ability for hackers to configure the Home Page URL setting in Outlook.

5. However, the patch is not a fix all, according to Wired. Instead, hackers can re-enable their ability to configure a Home Page URL setting in Outlook. This could leave users with the most updated Outlook version vulnerable to attack.

Microsoft did not return Wired's request for comment.

More articles on cybersecurity:
Michigan insurer alerts members of data breach
Sentara Hospitals agrees to $2.2M HIPAA settlement for incorrectly reporting data breach
16 cybersecurity incidents in November

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers