"Hackers Find Ways Around a Years-Old Microsoft Outlook Fix"

Email remains a weakness in security as highlighted by the ongoing exploitation of a flaw in Microsoft Outlook that was disclosed and patched in October 2017. The U.S. Cyber Command issued a warning about the exploitation of the vulnerability in July of this year. Security researchers discovered that the vulnerability has been abused by the Iranian government-linked hacking group, known as APT33, and another Iran linked- hacking group, APT34. The vulnerability derives from Outlook's Home Page feature, which can be used as a home screen and to load external content. If a hacker were to gain access to a user's account credentials, they could abuse the bug in the Home Page to upload malicious content, remotely execute exploit code, and take over a device's operating system. This article continues to discuss how hackers could be getting around the fix for the Microsoft Outlook bug. 

Wired reports "Hackers Find Ways Around a Years-Old Microsoft Outlook Fix"