Microsoft Outlook users have a new security concern. A vulnerability in the platform increases the risk of exposing your password to threat actors when you accept calendar invitations.
Cybersecurity researchers from Varonis Threat Labs uncovered this Microsoft Outlook security flaw in July 2023. Microsoft fixed it with a patch on December 12, 2023. If you haven’t implemented this patch, malicious attackers may gain access to your passwords.
Explaining the Calendar-Dependent Microsoft Outlook Security Flaw
The latest Microsoft Outlook vulnerability can leak your password hash in one click.
The vulnerability allows attackers to launch offline brute-force attacks (where they test millions of passwords against the hashed passwords from your system) or relay attacks. Either way, the result could be compromised accounts or unauthorized access to critical data.
How Are Victims Attacked?
This Microsoft Outlook security flaw targets how Outlook handles calendar invites and user interaction throughout the process.
In most cases, you must open an iCalendar file (.ics) to accept a calendar invite on Outlook. Accepting the file format is the only way to transfer events or other calendar data to your calendar application.
Threat actors actively exploiting vulnerabilities in Microsoft Outlook infuse malicious headers into the .ics file, forcing a remote code execution. Successful execution sends them NTLM v2 hashed passwords from the victim’s system.
So, it only takes one click (which is accepting the calendar invite) for the victim to unwittingly give up access to their passwords.
How To Protect Yourself From The Flaw
You can protect yourself from this Microsoft Outlook security flaw in various ways.
Technical Approaches
Cyber security experts recommend several technical approaches to avoid NTLM v2 hashed passwords:
- Adopting Kerberos authentication in place of NTLM wherever possible
- Blocking outgoing NTLM v2
- Protecting your SMB server from man-in-the-middle attacks
Non-Technical Approaches
Everyday Outlook users can also take steps to avoid security vulnerabilities such as this one. The first option is to stay up to date with security patches.
Microsoft (and other tech giants) constantly monitor threat reports. They publish a security update when the threat level of a vulnerability is high enough to warrant action. Users are now responsible for downloading patches to protect themselves.
Keeping your systems up to date helps keep you safe from threats like the current Microsoft Outlook security flaw.
Secondly, users must be more careful about the calendar invitations they accept. Always verify the sender and any invitation or request details before accepting them. Check for obvious signs of spoofing, such as misspelled names, domains, or email addresses.
You should also pay attention to the subject and message body. Are they relevant? Have you shown any interest in such an event recently? If you have any reasons to doubt the invite’s authenticity, ignore it.