Action1 Script to Update Microsoft Office Click-To-Run
Action1 has developed a script that can initiate the update to a Click-To-Run installation of Microsoft Office, including the update that addresses the Outlook vulnerability. This script is available in the Script Library of the Action1 platform.
Here’s how to use the script:
1. Log in to your Action1 account.
2. Navigate to the Script Library and locate the “Update Microsoft Office Click-To-Run” script.
3. Click on “Run Script” and select the endpoints that you want to update.
4. Sit back and relax while the script takes care of the rest.
With this script, you can ensure that your Click-To-Run version of Microsoft Office is up-to-date and protected from the recent Outlook vulnerability.
Microsoft Outlook Elevation of Privilege Vulnerability
This vulnerability has been rated with a high risk score of 9.8 and affects all versions of Microsoft Outlook from 2013 onwards. Microsoft has confirmed that this vulnerability is already being exploited in the wild, making it critical for organizations to take immediate action to protect themselves.
The attack is executed when an Outlook instance running on a user machine retrieves a specially crafted email, without any user interaction. The exploit occurs even before the email is viewed in the Preview Pane. If the attack is successful, the attacker gains access to a user’s Net-NTLMv2 hash, which can be used to execute a pass-the-hash attack on another service and authenticate as the user. This attack can result in serious damage, including unauthorized access to sensitive information and resources.
To mitigate the risk, Microsoft has recommended updating Outlook to the latest version. However, if updating is not feasible, adding privileged users such as Domain Admins to the Protected Users Security Group can help prevent the use of NTLM as an authentication mechanism. Blocking TCP 445/SMB outbound from your network via perimeter firewalls, local firewalls, and VPN settings can also help prevent the sending of NTLM authentication messages to file shares on your network.
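The two interim mitigations above can be applied from PowerShell. The script below is an added example, not the Action1 script and not code from Microsoft. It assumes internal hosts use RFC 1918 IPv4 addresses (so internal file shares keep working), uses a made-up firewall rule name, and needs the ActiveDirectory module for the group check.

```powershell
#Requires -RunAsAdministrator
# Added example: interim mitigations for the Outlook Net-NTLMv2 leak.
# Assumptions: internal networks use RFC 1918 IPv4 space; the rule name is hypothetical.

$RuleName = 'Block outbound SMB to non-private IPv4 (interim mitigation)'

# Every routable IPv4 range outside 10/8, 172.16/12 and 192.168/16.
# IPv6 is not covered here; add ranges that match your own addressing plan.
$NonPrivate = @(
    '1.0.0.0-9.255.255.255',
    '11.0.0.0-172.15.255.255',
    '172.32.0.0-192.167.255.255',
    '192.169.0.0-255.255.255.255'
)

function Set-OutboundSmbBlock {
    # Idempotent: create the local firewall rule only if it is not already present.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
            -Protocol TCP -RemotePort 445 -RemoteAddress $NonPrivate -Profile Any | Out-Null
    }
    Get-NetFirewallRule -DisplayName $RuleName |
        Select-Object DisplayName, Enabled, Direction, Action
}

function Get-UnprotectedDomainAdmin {
    # Lists Domain Admins user accounts that are not yet in Protected Users.
    Import-Module ActiveDirectory -ErrorAction Stop
    $protected = (Get-ADGroupMember -Identity 'Protected Users' -Recursive).distinguishedName
    Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $_.objectClass -eq 'user' -and $_.distinguishedName -notin $protected }
}

Set-OutboundSmbBlock

$todo = Get-UnprotectedDomainAdmin
$todo | Select-Object SamAccountName, distinguishedName

# Dry run first: Protected Users also disables delegation and cached sign-in
# for its members, so review the list before removing -WhatIf.
if ($todo) {
    Add-ADGroupMember -Identity 'Protected Users' -Members $todo -WhatIf
}
```

The local rule only covers the machine it runs on; the perimeter firewall and VPN settings mentioned above still need the equivalent block.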
However, to ensure the highest level of security, the best course of action is to install the Microsoft update on all systems after testing it in a controlled environment. It is critical for organizations to take immediate action to protect themselves against this vulnerability.