Microsoft Zero-Day Bug

Event Overview

Microsoft's March 2023 patch updates included several high-priority patches that need to be applied on Windows desktop systems. Included in these updates is a critical security patch for Microsoft Outlook clients for Windows. CVE-2023-23397 is a critical vulnerability affecting Microsoft Outlook. An external attacker could send a specially crafted email that causes the victim's computer to connect to an external location under the attacker's control.

A Windows and Outlook software update is required immediately.

Who is Affected

  • Everyone with a Windows Computer with the Outlook Desktop Client

How to Update

For Non-Managed Computers (Personal):

Please run your Windows updates immediately and verify that your Outlook client is on Version 2302.

For Managed Computers (Institutionally Owned, e.g. DAP, CAP, provisioned, etc.):

When connected to the campus network, please run the update once prompted (starting on 3/17), and restart your computer. Do not defer the update.

Note: If you are off campus, please connect to the VPN to receive the update prompt.

If you need help

Please reach out to your school's IT group for any questions or additional support.