outlook
Brian Krebs posted his usual “Patch Tuesday” update for Fat Tuesday (yesterday, February 13th) and listed in there was a doozy, an email-client specific bug that I almost missed: “CVE-2024-21413, a critical remote code execution bug in Microsoft Office that could be exploited just by viewing a specially-crafted message in the Outlook Preview pane.” Brian points out today: “Microsoft has updated its security advisory for [this] critical Outlook bug they patched on Tuesday: They’re now saying it’s under active attack.” Not good. Be safe, and make sure you’re up to date with latest versions and all security patches!
Microsoft recently posted that their Exchange Online servers (which I think also includes Microsoft 365/Office 365, basically any business email cloud-hosted by Microsoft) will soon block mail from old, unpatched Microsoft Exchange servers.Unlike the recent DMARC changes for Microsoft OLC, this likely has no impact to email marketing senders. Few email marketers are using years-old versions of self-hosted Microsoft Exchange for sending email messages.This does likely have a positive impact on the email ecosystem as a whole, though. Setting aside the snark of Microsoft (new, cloud) blocking Microsoft (old, on premise) servers, rejecting mail from servers that are (or could be) engaging in potentially bad acts is a good way to protect users from malware, phishing and spam, and hopefully will also nudge admins of those outdated servers to either upgrade them or shut them down, which will eliminate them as spam and phish vectors, making all of our inboxes