PT-2017-4165 · Microsoft · Office 365, Outlook

Published 2017-10-10 · Updated 2025-01-23

CVE-2017-11774

CVSS v3.1 7.8 High

Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Microsoft Outlook 2010 SP2, Outlook 2013 SP1 (including RT SP1) and Outlook 2016; Microsoft Office 365 desktop Outlook (affected builds not listed on this page)
Description Microsoft's advisory describes the flaw in its generic terms as improper handling of objects in memory, but the exploited mechanism is Outlook's folder home page feature. Any mail folder can be configured to display a URL in an embedded web view, and script in that page runs with the rights of the Outlook process rather than under the restrictions applied to message content, so whoever controls the home page setting can execute arbitrary commands and bypass Outlook's security features. The setting is a folder property that Outlook synchronises through Exchange, so an attacker holding a user's mailbox credentials can plant a malicious HTML page from any client, and the code runs the next time the victim opens that folder in Outlook; the only user interaction required (UI:R in the vector) is opening the folder, and no prior access to the workstation is needed. The same setting can also be written through the registry on a host that is already compromised, which makes the technique a durable persistence method. US Cyber Command publicly warned of active exploitation in July 2019, and security vendors attributed that activity to Iranian threat actors. Given Outlook's install base, the exposed population is large.
Recommendations Apply the October 2017 security updates Microsoft released for Outlook 2010 SP2, Outlook 2013 SP1 and Outlook 2016. Office 365 desktop (Click-to-Run) installations receive the same fix through their update channel, so confirm the installed build is current rather than treating Office 365 as unfixed. The update removes the home page option from the folder properties dialog and stops Outlook honouring a home page that roams with the mailbox unless that behaviour is explicitly re-enabled; it does not remove the feature entirely, and a home page URL written into the registry on the local machine is still loaded, so treat any such value as an indicator of compromise rather than a risk the patch has closed. Where patching is delayed, do not re-enable roaming folder home pages, audit user registry hives for configured folder home pages, and alert on outlook.exe spawning command interpreters or script hosts. Restricting which users can reach unpatched Outlook installations reduces exposure, but abandoning the Outlook client is not a practical control; patch and audit instead.
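The audit recommended above, as an added example that is not part of this advisory or of any Microsoft tooling. It walks the current user's hive and every loaded user hive for the two registry settings involved: per-folder home page URLs under the Outlook WebView key, which the patch does not stop Outlook loading, and the EnableRoamingFolderHomepages value, which turns the credentials-only remote attack path back on. The registry locations follow Microsoft's documentation of the Outlook home page feature; the Office version list and the folder names are assumptions for a typical estate and may need extending.

```powershell
# Added example (not from the advisory or from Microsoft): audit, and optionally
# remove, the Outlook folder home page settings abused via CVE-2017-11774.
# Paths follow Microsoft's documentation of the Outlook home page feature;
# $OfficeVersions and $Folders are assumptions and may need extending.

$OfficeVersions = @('14.0', '15.0', '16.0')   # Outlook 2010, 2013, 2016 / Office 365
$Folders = @('Inbox', 'Calendar', 'Contacts', 'Deleted Items', 'Drafts',
             'Journal', 'Junk E-mail', 'Notes', 'Outbox', 'Sent Items', 'Tasks')

function Get-OutlookHomePageFindings {
    param(
        # Root of the user hive to inspect: 'HKCU:' or 'Registry::HKEY_USERS\S-1-5-21-...'
        [string]$HiveRoot = 'HKCU:',
        # Remove offending values instead of only reporting them
        [switch]$Remediate
    )
    $findings = @()
    foreach ($v in $OfficeVersions) {
        $base = "$HiveRoot\Software\Microsoft\Office\$v\Outlook"
        if (-not (Test-Path $base)) { continue }

        # Per-folder home pages set through the registry. Outlook still loads
        # these after the October 2017 update, so any value here is suspect.
        foreach ($f in $Folders) {
            $key = "$base\WebView\$f"
            if (-not (Test-Path $key)) { continue }
            $url = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).URL
            if ([string]::IsNullOrWhiteSpace($url)) { continue }
            $findings += [pscustomobject]@{
                Hive    = $HiveRoot
                Version = $v
                Setting = "WebView\$f\URL"
                Value   = $url
                Risk    = 'HIGH: folder home page configured'
            }
            if ($Remediate) {
                Remove-ItemProperty -Path $key -Name 'URL' -ErrorAction SilentlyContinue
            }
        }

        # Roaming home pages are what the update disables; a value of 1
        # re-enables the remote, mailbox-credentials-only attack path.
        $sec = "$base\Security"
        if (Test-Path $sec) {
            $roam = (Get-ItemProperty -Path $sec -ErrorAction SilentlyContinue).EnableRoamingFolderHomepages
            if ($roam -eq 1) {
                $findings += [pscustomobject]@{
                    Hive    = $HiveRoot
                    Version = $v
                    Setting = 'Security\EnableRoamingFolderHomepages'
                    Value   = $roam
                    Risk    = 'HIGH: roaming folder home pages re-enabled'
                }
                if ($Remediate) {
                    Set-ItemProperty -Path $sec -Name 'EnableRoamingFolderHomepages' -Value 0 -Type DWord
                }
            }
        }
    }
    return $findings
}

# Inspect the current user plus every interactive user hive loaded under
# HKEY_USERS (reading other users' hives needs administrative rights).
$roots = @('HKCU:') + @(Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" })

$all = foreach ($r in $roots) { Get-OutlookHomePageFindings -HiveRoot $r }
if ($all) { $all | Format-Table -AutoSize } else { 'No Outlook home page settings found.' }
```

Run it as-is to report only; add -Remediate to the call inside the final loop to strip the URL values and reset the roaming flag once the findings have been captured for the incident record. A hit on a WebView URL should be triaged as persistence, not as misconfiguration: fetch the referenced page for analysis and review what outlook.exe has spawned on that host.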

Exploit

Security Feature Bypass (Outlook folder home page)

The "Buffer Overflow" label this entry previously carried follows from Microsoft's generic "objects in memory" wording; the publicly exploited mechanism is script execution from an attacker-controlled folder home page loaded in Outlook's web view, not memory corruption.


Weakness Enumeration

Related Identifiers

BDU:2021-05769
CVE-2017-11774

Affected Products

Office 365
Outlook