Critical security issue in Outlook
A critical vulnerability has been discovered in Microsoft Outlook that could allow an attacker to elevate access rights. The vulnerability is exploited by sending a specific type of email message to Outlook. The attack is triggered when the email arrives in Outlook, even before the email is opened or previewed.
For the time being, it is recommended to use the Outlook Web Application or the Outlook app on your phone.
Haaga-Helia's IT Services have already taken measures to prevent the attack and are investigating the situation further. Effective prevention and remediation measures are being sought and tested.
An easy way to act safely is to switch to Microsoft's browser mail (Outlook Web Application/OWA), at least for the time being. It is opened by going to the following web browser address https://mymail.haaga-helia.fi (or https://www.office.com and then select Outlook). Login with your normal Haaga-Helia login (in the format firstname.lastname@example.org). The interface of OWA is slightly different from that of Outlook on the workstation, but roughly the same functionalities can be found, sometimes in slightly different places.
Outlook applications for mobile phones are also safe from this vulnerability.
For more information, see e.g. the National Cyber Security Centre bulletin (currently only in Finnish)
More information will be provided later.