The latest Outlook security hole is quite easy to exploit so it’s a good idea to quickly update Microsoft 365/Office for Windows.
The security bug is easy to exploit. Infection occurs simply by downloading a small file from any web site or source and running it. Hackers know plenty of ways of tricking people into downloading and running files.
Microsoft downplays the security lapse by labelling the risk as “less likely” but MITRE gives a more realistic and less self-interested “High” risk rating. See CVE-2024-38200 for Microsoft’s version of the Outlook security bug.
Microsoft pushed out a temporary fix on 30 July 2024, with a proper patch included in the monthly “Patch Tuesday” on 13 August. There are updates for all supported Outlook (classic) for Windows (365, 2021, 2019 and 2016). Go to File | Account or Office Account | Update to force an update to the latest Office for Windows, though it will be done automatically.
The company have some options for blocking the hack without the security patch, what they call “mitigating factors”. Those suggestions essentially amount to blocking NTLM access, but that’s quite impractical because it would block important parts of Outlook. In other words, the temporary “cure” could be worse than the “disease”.