Outlook Can Allow Hacker To Steal Windows Password

August 22, 2024

A flaw in Microsoft Outlook allows hackers to steal your Windows password easily

Security researchers have disclosed details of a critical vulnerability in Microsoft Outlook for which Microsoft released an incomplete patch this month, almost 18 months after receiving the disclosure report.

The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to seize sensitive information, including users' Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without needing any further user interaction.

A hacker can exploit this vulnerability by sending a victim a Rich Text Format (RTF) email containing a remotely hosted Object Linking and Embedding (OLE) image that loads from an attacker-controlled server.

Because Microsoft Outlook renders OLE content automatically, it initiates an automatic authentication with the attacker-controlled remote server over the SMB protocol, handing over the victim's username and the NTLMv2-hashed version of the password, possibly allowing the intruder to gain access to the victim's computer.

Dormann reported the vulnerability to Microsoft in November 2016, and in an attempt to patch the issue, the company released an incomplete fix in its April 2018 Patch Tuesday update.

The security patch only prevents Outlook from automatically initiating SMB connections when it previews RTF emails, but the researcher noted that the fix does not prevent all SMB attacks.

"It is important to realize that even with this patch, a user is still a single click away from falling victim to the types of attacks described above," Dormann said. "For example, if an email message has a UNC-style link that begins with "\\", clicking the link initiates an SMB connection to the specified server."

WE HAVE ALREADY APPLIED THE LATEST MICROSOFT PATCH UPDATE TO ALL OF OUR CLIENTS' COMPUTERS, BUT SINCE ATTACKERS CAN STILL EXPLOIT THIS VULNERABILITY, WE HAVE ALSO PERFORMED THE FOLLOWING:

  • Block specific ports (445/tcp, 137/tcp, 139/tcp, along with 137/udp and 139/udp) used for incoming and outgoing SMB sessions.
  • Block NT LAN Manager (NTLM) Single Sign-on (SSO) authentication.
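
The two mitigations above, applied to a single Windows host with PowerShell. This is an added example, not the script we ran on client machines: the rule names and the `-Enforce` switch are the example's own, and the registry value is the one behind the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy.

```powershell
#Requires -RunAsAdministrator
# Added example: firewall rules for the SMB ports listed above, plus the
# outgoing-NTLM restriction. Rule names and -Enforce are hypothetical choices.
param(
    [switch]$Enforce   # without -Enforce, outgoing NTLM is audited, not denied
)

# Ports taken from the mitigation list above.
$smbPorts = @{
    TCP = @('445', '137', '139')
    UDP = @('137', '139')
}

foreach ($proto in $smbPorts.Keys) {
    foreach ($dir in 'Inbound', 'Outbound') {
        $name = "Block SMB $proto $dir (example)"
        # Idempotent: remove an earlier copy of the rule before re-creating it.
        Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
            Remove-NetFirewallRule
        $rule = @{
            DisplayName = $name
            Direction   = $dir
            Protocol    = $proto
            Action      = 'Block'
            Profile     = 'Any'
        }
        # Inbound rules match the local listening port;
        # outbound rules match the port on the remote server.
        if ($dir -eq 'Inbound') { $rule.LocalPort  = $smbPorts[$proto] }
        else                    { $rule.RemotePort = $smbPorts[$proto] }
        New-NetFirewallRule @rule | Out-Null
    }
}

# RestrictSendingNTLMTraffic: 0 = allow all, 1 = audit all, 2 = deny all.
$msv   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$value = if ($Enforce) { 2 } else { 1 }
Set-ItemProperty -Path $msv -Name 'RestrictSendingNTLMTraffic' -Value $value -Type DWord

# Show the resulting state so it can be checked or logged by the caller.
Get-NetFirewallRule -DisplayName 'Block SMB*' |
    Select-Object DisplayName, Direction, Action, Enabled
Get-ItemProperty -Path $msv -Name 'RestrictSendingNTLMTraffic'
```

Blocking these ports on every profile also cuts the host off from internal file shares, so on machines that need them narrow the rules with `-RemoteAddress`. Running once without `-Enforce` shows which applications still depend on outgoing NTLM before it is denied.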

WHAT YOU CAN DO YOURSELF TO HELP PROTECT YOUR SENSITIVE INFORMATION:

  1. Always use complex passwords that cannot be cracked easily.
  2. Don’t click suspicious links provided in emails.
