Outlook Can Allow Hacker To Steal Windows Password

July 10, 2025

A flaw in Microsoft Outlook allows hackers to steal your Windows password easily

Security researchers have disclosed details of a critical vulnerability in Microsoft Outlook for which Microsoft released an incomplete patch this month, almost 18 months after receiving the disclosure report.

The Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to seize sensitive information, including users' Windows login credentials, just by convincing victims to preview an email with Microsoft Outlook, without needing any further user interaction.

A hacker can exploit this vulnerability by sending the victim a Rich Text Format (RTF) email containing a remotely hosted Object Linking and Embedding (OLE) image that loads from an attacker-controlled server.

Because Microsoft Outlook automatically renders OLE content, it initiates an automatic authentication with the attacker-controlled remote server over the SMB protocol, handing over the victim's username and the NTLMv2-hashed version of the password, possibly allowing the intruder to gain access to the victim's computer.

Dormann reported the vulnerability to Microsoft in November 2016, and in an attempt to patch the issue, the company released an incomplete fix in its April 2018 Patch Tuesday update.

The security patch only prevents Outlook from automatically initiating SMB connections when it previews RTF emails, but the researcher noted that the fix does not prevent all SMB attacks.

"It is important to realize that even with this patch, a user is still a single click away from falling victim to the types of attacks described above," Dormann said. "For example, if an email message has a UNC-style link that begins with "\\", clicking the link initiates an SMB connection to the specified server."

WE HAVE ALREADY APPLIED THE LATEST MICROSOFT PATCH UPDATE TO ALL OF OUR CLIENTS’ COMPUTERS, BUT SINCE ATTACKERS CAN STILL EXPLOIT THIS VULNERABILITY, WE HAVE ALSO PERFORMED THE FOLLOWING:

  • Block specific ports (445/tcp, 137/tcp, 139/tcp, along with 137/udp and 139/udp) used for incoming and outgoing SMB sessions.
  • Block NT LAN Manager (NTLM) Single Sign-on (SSO) authentication.

WHAT YOU CAN DO YOURSELF TO HELP PROTECT YOUR SENSITIVE INFORMATION:

  1. Always use complex passwords that cannot be cracked easily.
  2. Don’t click suspicious links provided in emails.
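
Because the patch leaves UNC-style links clickable, a mail filter can flag messages that point at file servers outside the organization before a user ever sees them. The following is an added example, not code from Microsoft or the researcher: the allow-list, host names, addresses and sample message are constructed for illustration.

```python
import html
import re

# Hypothetical allow-list of internal file servers (assumption, not from the article).
ALLOWED_HOSTS = {"fileserver.corp.example"}

# A host introduced by a UNC prefix (\\host) or a file URL (file://host, file:////host).
# The lookbehind skips escaped Windows paths such as C:\\Temp\\build.
SMB_REF = re.compile(
    r"""(?:(?<![\w:\\])\\\\|\bfile:/{2}(?:/{2})?)([^\\/\s"'<>]+)""",
    re.IGNORECASE,
)


def smb_targets(body: str) -> list:
    """Return the hosts a message body points at via UNC or file:// references."""
    text = html.unescape(body)  # decode &#92; and similar entities before matching
    hosts = []
    for match in SMB_REF.finditer(text):
        host = match.group(1).lower()
        if host not in hosts:  # keep first-seen order, drop repeats
            hosts.append(host)
    return hosts


def external_smb_targets(body: str, allowed=ALLOWED_HOSTS) -> list:
    """Hosts to quarantine or review: referenced in the body but not allow-listed."""
    return [h for h in smb_targets(body) if h not in allowed]


# Constructed sample message body (not taken from a real email).
SAMPLE = "\n".join([
    r'<a href="\\203.0.113.10\docs\q2.xlsx">Q2 report</a>',         # UNC link, external
    r'<img src="file://files.example.net/img/logo.png">',          # file:// URL with a host
    r'<a href="&#92;&#92;203.0.113.10&#92;x">encoded</a>',         # same host, entity-encoded
    r'<a href="\\fileserver.corp.example\hr\policy.pdf">HR</a>',   # allow-listed server
    r'<a href="file:///C:/Users/Public/readme.txt">local</a>',     # local file, no host
    r'Path in a log line: C:\\Temp\\build',                        # escaped path, not UNC
])

if __name__ == "__main__":
    for host in external_smb_targets(SAMPLE):
        print("message references external SMB host:", host)
```

This is a content heuristic for flagging messages; it complements the port and NTLM blocking above and does not replace it.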
