Microsoft has disclosed a severe security vulnerability (CVE-2023-23397) that affects all supported versions of Microsoft Outlook for Windows. The vulnerability can be exploited with an email message or a calendar invitation, that allows an attacker to use your login credentials without knowing your password.

• It does NOT affect online services such as Outlook Web Access (OWA) and Microsoft 365.
• It does NOT affect Outlook for Android, iOS, or macOS versions.

Microsoft has released an update to address this vulnerability.

Please manually update your Office apps as soon as possible. Updating manually will prevent your apps from unexpectedly closing and mitigate loss of unsaved work if your device automatically updates.

How to install Office updates

1. Open any Office app, such as Outlook, Word, or Excel, and create a new document.
2. Select File > Account (or Office Account if you opened Outlook)
3. Under Product Information, choose Update Options > Update Now.
4. If prompted to close an Office app, select Continue.
5. Close the Updates were installed window after Office is done checking for and installing updates.

Help and support

If you have questions or need help updating your Office apps, contact your IT department or the Drexel IT Help Desk.