What you need to know and do about the latest Microsoft Outlook vulnerability


You will no doubt have seen the escalating news about the latest Microsoft Outlook vulnerability (CVE-2023-23397). Whether you saw it and ignored it or haven’t seen it at all, please keep reading to understand what it is, what it means for your organisation and what you can do to protect yourself and your organisation quickly and easily.

What is CVE-2023-23397?

It is a Zero Day (Critical) vulnerability within Microsoft Outlook which can expose your password hash to attackers. Once your password hash has been stolen, attackers can do things like crack your password and then use it to log in to other sites and applications, appearing as you (the user).

What is particularly challenging with this vulnerability is its ability to infiltrate Microsoft Outlook without you even having to open an e-mail or click on an embedded link. So, if you’re targeted and your system is not up to date, there’s potentially trouble ahead.

How critical is CVE-2023-23397?

Rated 9.8/10 on the Common Vulnerability Scoring System, this vulnerability is extremely critical, so if you think you are at risk, read on to find out how to fix it.

What action can you take?

In simple terms, update your system. This will remediate the vulnerability immediately.

Microsoft has released an update to the Microsoft Office application suite for users to install.

Your ability to update Microsoft Office, however, will vary based on which policies your IT provider has enforced.

To check whether you can update your own Microsoft Office applications, follow these instructions from within any application (Word, Excel or Outlook):

1 – On the ribbon, click on File.

2 – Look to the bottom left and click on Account.

3 – Look over to the right and click on Update Options. Then click on Update Now.

4 – Office will then automatically update, and this will take 5-10 minutes to complete.

5 – You may have to save your work and restart your applications.

6 – When the update is complete, your system will be up-to-date and protected from this vulnerability.


If you are unable to click on “Update Options” or you are missing the “Update Now” button shown above, your IT provider is likely controlling your ability to update Microsoft Office.

In these cases, please connect with your IT Services provider and ask them to push through the latest update or contact us for support and assistance.
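
For IT staff, the same check can be made without opening Office. The PowerShell below is an added example, not part of the original article; it assumes a Click-to-Run installation of Office 2016 or later (hence the `16.0` policy path) and only reads the registry.

```powershell
# Added example: report Office Click-to-Run update state (read-only).
# Assumption: Click-to-Run install; MSI/volume-licence Office is updated differently.
$c2rKey    = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\office\16.0\common\officeupdate'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

if (-not (Test-Path $c2rKey)) {
    Write-Warning 'No Click-to-Run configuration found; Office may be an MSI install updated via Windows Update/WSUS.'
    return
}

$report = [pscustomobject]@{
    ComputerName            = $env:COMPUTERNAME
    InstalledBuild          = Get-RegValue $c2rKey 'VersionToReport'
    UpdatesEnabled          = Get-RegValue $c2rKey 'UpdatesEnabled'
    UpdateSource            = Get-RegValue $c2rKey 'CDNBaseUrl'
    PolicyAutoUpdates       = Get-RegValue $policyKey 'enableautomaticupdates'
    PolicyHideEnableDisable = Get-RegValue $policyKey 'hideenabledisableupdates'
    PolicyTargetVersion     = Get-RegValue $policyKey 'updatetargetversion'
}
$report | Format-List

# Interpret the values for the person running the check.
if ($report.PolicyAutoUpdates -eq 0 -or $report.UpdatesEnabled -eq 'False') {
    'Updates are disabled on this machine; the update must be pushed by IT.'
} elseif ($null -ne $report.PolicyTargetVersion) {
    "Updates are pinned by policy to $($report.PolicyTargetVersion); IT must raise the target version."
} else {
    'Updates are enabled; File > Account > Update Options > Update Now should work.'
}
'Compare InstalledBuild with the fixed build listed in the Microsoft advisory for CVE-2023-23397.'
```

The script prints no verdict on whether the machine is patched, because the fixed build number depends on the update channel and is not given in this article.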

We also recommend implementing a regular Microsoft Office update schedule, so that your computer is regularly receiving the latest security updates and new features.

Our final recommendation

It’s extremely straightforward.

1 – Take immediate action – update your Microsoft Office software as soon as you can.

2 – Talk to us for advice or support – we are here to help.
