On this blog last week, we gave a technical explanation of the latest Outlook exploit. The exploit has made a big splash and raised a lot of questions, so this week we’ll go through some of the most frequently asked questions about this exploit and how to move forward. Keep in mind that this exploit specifically concerns Outlook on the desktop, and doesn’t affect those who use the web interface.

1. Is our Email Secure now?

Microsoft issued a patch as part of their Patch Tuesday updates last week. The patch comes as a typical Windows Update. If your Outlook app is up-to-date, then you’re not vulnerable to this exploit.

2. How do I know that my Outlook is Up-to-date?

In Outlook, go to File > Office Account and take note of the version and build number. It should say “Build 16130.20332” (or a higher number).


If you’re still unsure, go to Update Options. Click “Update now.” Verify that it says “Office is up to date.”

If you are using a version of Outlook older than 2016, you can no longer receive updates. To avoid these kinds of vulnerabilities, you’ll need to upgrade to a newer version.
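For administrators who would rather check many workstations than open File > Office Account on each one, the following PowerShell script is an added example (not code from the original post or from Crown) that reads the installed Outlook build and compares it with the minimum build quoted above. It assumes a Windows host with Outlook installed; the build comparison applies to Click-to-Run installs, since MSI-based Office 2016 uses a different build numbering and is only reported, not judged.

```powershell
# Added example (not from the original post). Reports whether the installed
# Outlook build is at or above the minimum build the post names.
# Assumption: minimum build as quoted in the post; registry paths are the
# standard Office Click-to-Run and Windows App Paths keys.

$MinimumBuild = [version]'16.0.16130.20332'

function Get-InstalledOutlookVersion {
    # Click-to-Run installs (Microsoft 365 / Office 2019+) record their build here.
    $c2r = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration' `
                            -ErrorAction SilentlyContinue
    if ($c2r -and $c2r.VersionToReport) {
        return [pscustomobject]@{ Source = 'ClickToRun'; Version = [version]$c2r.VersionToReport }
    }
    # Fallback for MSI installs: locate OUTLOOK.EXE via App Paths and read its file version.
    $appPath = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE' `
                                -ErrorAction SilentlyContinue
    if ($appPath -and $appPath.'(default)' -and (Test-Path $appPath.'(default)')) {
        $info = (Get-Item $appPath.'(default)').VersionInfo
        return [pscustomobject]@{ Source = 'MSI'; Version = $info.ProductVersionRaw }
    }
    return $null
}

function Test-OutlookPatched {
    param([version]$Minimum = $MinimumBuild)
    $installed = Get-InstalledOutlookVersion
    if ($null -eq $installed) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Source = $null
                                  Version = $null; Patched = $null; Note = 'Outlook not found' }
    }
    # Outlook 2013 and older (major version below 16) no longer receive updates at all.
    if ($installed.Version.Major -lt 16) {
        $patched = $false; $note = 'Unsupported version; upgrade required'
    } elseif ($installed.Source -eq 'MSI') {
        $patched = $null;  $note = 'MSI install; build numbering differs, verify via Windows Update'
    } elseif ($installed.Version -ge $Minimum) {
        $patched = $true;  $note = 'At or above minimum build'
    } else {
        $patched = $false; $note = 'Below minimum build; run Update Now'
    }
    return [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Source   = $installed.Source
        Version  = $installed.Version.ToString()
        Patched  = $patched
        Note     = $note
    }
}

Test-OutlookPatched | Format-List
```

Run it through your RMM or `Invoke-Command` across workstations and collect the `Patched` field to find machines that still need the update.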

3. How Long was this Exploit in the Wild? Why did it take so Long to Address?

It has been reported that this zero-day exploit had been used by “a Russia-based threat actor” for as much as a year before the threat was announced and patched.

4. What is the Likelihood that my Email was Hacked?

It’s unlikely that this exploit was used against small and medium companies or regular people. Exploits of this nature tend to be highly valued by threat actors, making these kinds of attacks less widespread and more targeted (at large corporations and governmental entities). The chances that you were targeted are far lower if you have MFA on your email accounts. If you have MFA enabled on all of your workstations, the chances are even lower than that!

5. Can we tell if we were Infiltrated?

Yes, it’s possible to find out if you were targeted with this exploit. The process, though, is very time intensive—it typically takes four to twelve hours, depending on how many mailboxes you have on your network. Every mailbox has to be checked thoroughly to find evidence of this exploit and the tools to do that are complex. If you want the peace of mind that comes with explicitly checking all of your inboxes, Crown can do it for you, although it is not strongly recommended.

6. Why is MFA a Requirement Going Forward?

By the end of the second quarter of this year, Crown will require our clients to deploy MFA. As this exploit shows, it is a really important way to keep your network and your email safe, and can eliminate many security threats.

Threat actors consistently look for passwords because they are inherently vulnerable. Systems that only require a login and password have a single point of failure, whereas MFA has multiple things that need to go wrong for an attack to succeed. While it isn’t 100% perfect, MFA greatly increases the amount of effort that a hacker needs to put into a successful attack on your personal information.

7. What else do I need to do about Exploits like this?

Generally speaking, it’s a good idea to restart your workstations at least once a week. This clears the computer’s memory and allows for updates to be installed (if necessary). Crown Computers updates your workstations at night, so your workstations need to be on at the time of a scheduled patch. We send an email reminder the day before the update to let you know when to leave them on, but if you need to know when you’re scheduled for patching, contact us.

8. What can I do to further Secure our Network and Email?

The first step is to make sure that you have MFA enabled where it matters (email and workstations). Next, make sure that you have modern antivirus and endpoint detection. Beyond that, plenty of services can help you increase your level of security and usability:

  • Proofpoint Commercial Grade Spam Filtering
  • Office365 Security Audit and Customization
  • Phishing Training
  • Threat Management Software
  • Password Manager
  • Encryption of laptops and workstations
  • SIEM (Todyl)
  • Advanced EDR Solutions
  • Log Retention (Netwrix)

These are listed here in order of their general importance, but to work out what is best for your business’ needs and budget, schedule a technology business review with us today.