"Microsoft Battles Zero-Day Attacks and Vulnerabilities in Outlook and 365 Apps"
Microsoft has identified a Russian-based threat actor behind the exploitation of a critical vulnerability in its Outlook software. The company has urged all customers to update their Microsoft Outlook for Windows to remain secure. The vulnerability is a critical privilege escalation issue that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. Microsoft has also flagged a second vulnerability for urgent attention and warned attackers are continuing to actively bypass its SmartScreen security feature.