Microsoft has issued a critical patch for a vulnerability in its Outlook email client that threat actors were exploiting to distribute malware. The vulnerability, tracked as CVE-2025-21298, had a severity score of 9.8/10 and could be triggered simply by previewing a malicious email in the Outlook preview pane. The flaw is in the Windows Object Linking and Embedding (OLE) function and allowed threat actors to execute code remotely on a victim’s machine. Microsoft advises users to apply the patch immediately to prevent malware infection. For those unable to do so right away, Microsoft recommends mitigations such as viewing emails as plain text and restricting NTLM traffic. Failure to address this vulnerability could lead to severe business disruptions, loss of customers, and potential regulatory fines. Stay informed and protected against evolving cyber threats.