Microsoft Outlook Vulnerability CVE-2018-8587 – How likely is exploitation?

I found an interesting blog post A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587 about Microsoft Outlook heap buffer overflow vulnerability where is described how Microsoft Outlook can be exploited by using specially crafted mail classification rules file (RWZ).

To reproduce this vulnerability, we need to run Microsoft Outlook, then click “Rules => Manage Rules&Alerts => Options => Import Rules” and select the PoC file which causes Outlook to crash.

enter image description here

In the end they are writing:

Applying this patch is critical since an attacker who successfully exploits this vulnerability could use a specially crafted file to perform actions in the security context of the current user.

But how likely is that someone could exploit this vulnerability? I mean an attacker needs to send this malicious file to a user who needs to actively import this file which exploits this heap buffer overflow bug. It seems to me completely different from such attacks where an attacker sends a malicious PDF document which exploits some vulnerability in Adobe Reader. Here you need to actively hack yourself (similar to self-XSS in web security).

Even Microsoft states:

To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

So this bug seems to be somewhat useless and very unlikely to exploit?

How to detect a spoofed email with Outlook Web Access?

I am specifically asking about Outlook Web Access (browser based Outlook), and not for any other email service or program.

Within Outlook Web Access, is there a way to tell whether or not an email was spoofed? For example, if I receive an email from “boss@company.com”, how can I be sure that the email is from “company.com” and not spoofed?

There is an option in Outlook to direct all messages from outside the organization to the junk folder, but I found that this feature is not reliable. Spoofed messages still get through.

Generating a CSV file from all contacts in Outlook Directory

As part of a University, I have been assigned a University email. When I access my email through Outlook, and I go on the “People” section, I am able to access a section with all of the contacts in the University.

However, I am able to export as a CSV file only the contacts that I directly add to my contacts list.

The question is: how can I export all of the contacts in the directory without directly adding them to my contacts?

Changing SharePoint Files Link in Outlook

Good Day,

I’m trying to change the “Files” link that SharePoint Group members will see in Outlook. My organization uses this button almost exclusively to access their Shared Document Library files, most of them do not know another way (It’s a work in progress).

Is there a way to change the link location of this Outlook Group “Files” button? I’m trying to direct it to a different SharePoint Document Library.

https://gyazo.com/bebfaff0faf4925e4153acfa61e6ef72

An image for reference above.

Disclaimer: I’m a novice at SharePoint Online and realize that there are MANY restrictions/changes in this version over others. So if this is yet another thing that I cannot do, I understand. Any work-around is appreciated.

-Cheers!

Outlook 365 – cannot search mailbox after restore

I’m a business user of Office 365, including Outlook. I recently had to replace the main SSD drive in my Mac Pro; I was unable to do a normal Time Machine restore (bombed out halfway through the restore), so instead I did a full reinstall of Mojava (10.14.5) and used the Migration Assistant to restore my entire system.

This seemed to work pretty well, except that I can no longer search for messages in Outlook – every search returns “No Results” almost straight away. I’ve tried the usual advice – rebooted, rebuilt Spotlight index etc, but nothing appears to fix it, and it’s becoming increasingly frustrating. Everything else, including Spotlight search for other things, seems to be working fine.

Before I try deleting and recreating my profile from scratch – which I really don’t want to do – is there anything else I can try to get searching working again?

Office365 and Outlook Email Signature Formatting

Hoping this is the right venue to ask this. If not, please feel free to point me in the right direction. That said…

I’m trying to create a nicely formatted signature block for a client who uses Office365 for their company email. I’ve formatted the block using basic html and then viewed it in a web browser. (Nothing fancy, just some text and a company logo. No CSS styles and local style attributes on all DIVs) I then select the block in the browser, copy it to the clip board and then paste it into Outlook.

It appears to strip out any padding I had on the DIVs and also seems to be ignoring or stripping out the formatting on hyperlinks and email addresses. Also, all P tags appear to not have any spacing between them. Had to resort to BR tags to get space between them.

Anyone have some direct experience with this or have knowledge of documentation on what it’s doing to my code?