Outlook is the victim of a critical security flaw allowing hackers to take control of your device and access your personal data. Update your email immediately with Microsoft’s patch!
France is on alert at the moment! As the Olympic Games fast approach, cybercriminals are unleashed against French organizations and users. In recent weeks, Social Security has been the victim of a violent cyberattack, which affected no less than 33 million policyholders, as well as La Poste, Crédit Agricole, Free and CAF. In short, vigilance has never been so important! On February 26, the government platform Cybermalveillance.gouv.fr and ANSSI (the National Agency for Information Systems Security) sounded the alarm about a “critical security flaw” detected in Outlook.
Referenced under the gentle name CVE-2024-21413, it allows, if properly exploited, to take remote control of devices and equipment, and can lead to espionage, theft and destruction of confidential information. Malicious actors could indeed “very soon exploit this vulnerability to carry out massive attacks against vulnerable systems”warns Cybemalveillance.gouv.fr in a communicated. If you are one of Outlook users, hurry up to update email!
Outlook security breach: what to do if you are affected?
The alert was launched throughCyber Alert, a system put in place in July 2021 and launched as soon as a threat or critical flaw is identified and qualified as such, jointly by ANSSI and Cybermalveillance.gouv.fr. Above all, it allows businesses, communities and associations to be informed of current threats and to help them protect themselves from them. An alert of this magnitude is, however, rare. Since the tool was implemented, only eleven Alert Cyber warnings for critical security vulnerabilities have been issued, including Microsoft Outlook.
The security flaw affects Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021 and Microsoft 365 Apps. Normally, the email web client is not affected. Exploiting the breach makes it possible to bypass certain security measures in the Office suite, which normally prevent access to an external resource until the user has validated it. They are particularly useful in the event of a malicious link sent by email.
The vulnerability has been corrected a first time by Microsoft on February 13, then a last time on February 22. However, it is necessary to update Outlook. We therefore recommend that if you use one of the affected email versions, you install the latest update as quickly as possible. To date, no exploitation of the flaw has yet been reported to the authorities, although it is possible that it has already caused victims.