Microsoft Outlook Users Told to Update Urgently to Fix Exploit

Microsoft is urging Outlook users to update their software, reset passwords and enable MFA as unpatched systems are targeted.

Microsoft – which recently thwarted one the largest DDoS attack ever recorded – has issued a warning this week advising all Outlook users to update their software immediately after observing a nation-state threat actor actively exploiting a known vulnerability to target Exchange users.

Microsoft saw its Outlook services taken offline by the now-notorious hacking group Anonymous Sudan as recently as last month, another group thought to be linked to the Russian state who’ve targeted the tech giant on multiple occasions this year.

The fact that a patch for the vulnerability being exploited (as well as its bypass) has been available for months – yet is still being used to hack into systems –  is a telling reminder of the importance of installing security updates.

Outlook Bug Being Exploited En Masse

Microsoft “has identified a nation-state activity group tracked as Forest Blizzard… based in Russia, actively exploiting CVE-2023-23397 to provide secret, unauthorized access to email accounts within Exchange servers,” a security blog post published by the company this week reads.

According to Microsoft, the threat actor’s primary targets include government, energy, and transportation organizations, as well as some companies and entities based in the United States, Europe, and the Middle East that aren’t directly affiliated with state governments.

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special offer.See deal button

The company says it’s currently working with the Polish Cyber Command division to take action against the threat actors.

Microsoft also revealed that there is evidence that the Russian Federation’s military intelligence agency, the “Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU)” is behind the attack. Activities related to this group are also tracked by Microsoft as “Forest Blizzard” but also known as “Fancy Bear” or “APT28”.

Hackers Exploiting Already-Patched Vulnerability

As detailed on the company’s security blog, Microsoft initially patched this flaw (CVE-2023-23397) back in March 2023, when it discovered it as a zero-day thought to have been actively exploited since April 2022.

However, a bypass was discovered in May 2023 (CVE-2023-29324) which in turn forced Microsoft to release yet another patch to stop the onslaught of zero-click attacks.

Unfortunately, because updates patching these exploits require companies and organizations to install them – and not all of them have – both vulnerabilities are still being used by hackers to steal sensitive information from Outlook servers.

Microsoft’s Advice: Update Now

Along with this week’s update on precisely how this exploit is being used by hackers to target organizations across the Middle East, Europe, and the United States, Microsoft also highlighted a raft of security measures that businesses should be implementing to protect themselves.

The key advice is to ensure that the latest Microsoft Outlook security updates are applied. This advice should be heeded wherever your mail is hosted, the company says, be it Exchange Online, Exchange Server, or another platform.

However, there’s also a script you can run to check if your business’s servers have been targeted by one of these attacks. If you find out that members of your organization have been targeted, reset the passwords of any accounts that received suspicious reminders.

Microsoft also advises that businesses implement multi-factor authentication wherever possible. The full list of recommended security implementations is included in the blog post referenced earlier in this article.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Aaron Drapkin is's Content Manager. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol six years ago. Aaron's focus areas include VPNs, cybersecurity, AI and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, Lifewire, HR News and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and covering a wide range of topics.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals