Office of Information Security

Zero-day

March 15, 2023

Patch now! MS Outlook 0-Day vulnerability

Summary Recommendations for UW students, faculty, and staff Technical details Things UW-IT will do Recommendations for IT Staff Resources Summary On March 14th, Microsoft disclosed a critical security vulnerability (CVE-2023-23397) that affects all supported versions of Microsoft Outlook for Windows. The vulnerability can be exploited with an email message or a calendar invitation, and ultimately,…

May 31, 2022

Zero-day vulnerability in Microsoft products

Microsoft Office logo

News about this vulnerability is evolving and we will update this post as we gather information. Overview Things to do (IT staff) Recommendations for the UW community References Overview A zero-day vulnerability, dubbed “Follina” by a security researcher, allows remote code execution in Microsoft products. It has been actively exploited since April. On Monday, May…