Today's Highlights »
Microsoft announced a zero-day vulnerability in Outlook earlier this week and all supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.
The exploit is triggered by specially crafted messages and uses SMB/TCP port 445 to get NTLM authentication and gain access to other network services. No user interaction is required.
Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages.
Organizations with on-premise mailboxes or services are at risk.
Recommended fixes to reduce vulnerability:
- Add users to the Protected Users Security Group, which prevents the use of NTLM as an authentication mechanism. Performing this mitigation makes troubleshooting easier than other methods of disabling NTLM.
- Block TCP 445/SMB outbound at the perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
Microsoft's articles on the exploit are here:
CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft Mitigates Outlook Elevation of Privilege Vulnerability | MSRC Blog | Microsoft Security Response Center
Microsoft is implementing a change to Outlook and Edge where links in Outlook will open by default in Edge, not in your default browser (assuming it is not Edge). If you want the links to open in your default browser, you need to change a setting in Outlook's File > Options > Advanced > Link handling.
It will roll out to consumers with Personal or Family subscriptions first, beginning with the Office Insiders (beta) before rolling out to all consumers in the coming weeks. Eventually, it will turn up in business accounts.
Time will tell if this is a flop or a welcome change, but my money is on flop, especially since it changes the behavior users expect.
Microsoft has these two articles on this new feature.
Stay in your flow with Microsoft 365 on Microsoft Edge
Multitask smarter with Microsoft 365 and Edge | Microsoft 365 Blog
You cannot change a user's categories when you work as a delegate in Outlook
Describes an issue in which you cannot make changes to categories as a delegate in another user's Inbox or Outlook folder in Outlook. Provides a resolution.
Change Appointment Reminder Sounds
Did you ever wonder if you could assign different reminders to different types of Microsoft Outlook appointments? Yes, you can! You can also change the reminder sound for tasks and flags.