Flaw in Microsoft Outlook allows attackers to easily steal sensitive information
Target: Microsoft Outlook users
Attack Vector: OLE attachments in Outlook.
Summary: A vulnerability tracked as CVE-2018-0950 has been partly patched by Microsoft in April’s Patch Tuesday. The details of the vulnerability have been released after a security researcher made Microsoft aware of it 18 months ago. The vulnerability allows an attacker to access sensitive information such as usernames and password hashes by enticing victims to preview an email in Microsoft Outlook.
Risk assessment summary: This threat is assessed at 3E MODERATE. As Microsoft has patched, the risk of exploitation is lowered however, there is still a risk of other attack techniques which require user interaction that can still take place using this vulnerability. An attacker also has to be able to crack the hashed password to make use of the other personal information they would get from carrying out this attack.