Let’s learn about fixing Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body. Due to the Microsoft Outlook Spoofing Vulnerability released on August 8, 2023, images are blocked, and the meeting body remains read-only in Outlook Desktop when calendar items are from other senders.
Microsoft Outlook Spoofing Vulnerability leads to specific consequences for Outlook Desktop users. This vulnerability has resulted in a series of preventive measures being implemented.
Consequently, images are blocked, and the meeting body is set to read-only for calendar items originating from senders outside the User’s organization. This measure enhances security and prevents potential exploits from spoofed emails or malicious content.
The Outlook Team is currently working on a plan to fix the problem with editing received meetings. Microsoft will provide more details about how and when they will do this once they have the information. Microsoft planned to release a non-policy registry key in the update on 10/10/23. The Outlook Team has decided not to remove the registry key solution.
Are you having trouble accessing links in Outlook? Our article has simple solutions to fix restricted access to FQDN and IP hyperlinks. We have written an article that helps you solve two common issues in the Outlook app. One problem is when Outlook asks to reopen your last session; the other is the FIX Slow Attachment Saving Issue in the Outlook App. This 2 article provides easy steps to fix these problems.
What is Microsoft Outlook Spoofing Vulnerability?
How Does this Vulnerability Affect Outlook Desktop Users?
As a result of this vulnerability, Outlook Desktop has introduced specific security measures. When receiving calendar items from senders other than the meeting organizer, images within these items are blocked, and the meeting body is set to a read-only state.
Why are Images Blocked in Calendar Items from Non-Organizer Senders?
Images within calendar items from non-organizer senders are blocked to prevent potential spoofing attacks and unauthorized access to sensitive information. This security measure aims to protect users from malicious content embedded in images that could exploit the vulnerability.
Is the Preview Pane an Attack Vector for this Spoofing Vulnerability?
No, the Preview Pane is not an attack vector.
What Type of Information could be Disclosed by this Vulnerability?
Exploiting this vulnerability could allow the disclosure of NetNTLMv2 hashes.
According to the CVSS Metric, User Interaction is Required (UI:R). What Interaction would the User have to Do?
This vulnerability requires a user with an affected version of Outlook to open a malicious meeting or appointment invite from the attacker.
Image Blocking and Read-Only Meeting Body in Outlook | Microsoft Outlook Spoofing Vulnerability
Let’s discuss the Image Blocking and Read-Only Meeting Body in Outlook. In response to the Microsoft Outlook Spoofing Vulnerability, users may experience Image blocking and encounter a read-only meeting body in their Outlook application.
Issues Related to Image Blocking and Read-Only Meeting Body in Outlook
After the security update in Outlook, there are 2 critical changes when you get meeting requests from anyone, whether inside or outside your organization. These security improvements are essential for reducing the chances of problems caused by the Microsoft Outlook Spoofing Vulnerability.
- Read-Only Meeting Content
- Blocking of Images
Read-Only Meeting Content
The recipient will now have limited control over the meeting content. Making changes to the body of the meeting or attaching files to it is no longer possible. This read-only mode ensures that the meeting information remains intact and secure.
Blocking of Network Path Images
Let’s learn the blocking of network path images. Images in the meeting message that come from network locations like UNC shares (\server), file share paths (File://server), or external web addresses (https://) are not allowed.
Effect of Outlook Desktop Security Updates on Image and Meeting Content
The installation of the Outlook Desktop security updates on August 8, 2023, brings about notable changes in how images and meeting content are handled. The recipients will find that images sourced from network paths or specific URLs are now blocked.
- Additionally, the meeting content is set to a read-only mode. It helps you to prevent any modifications to the body or the attachment of files.
Microsoft Outlook Spoofing Vulnerability | Details |
---|---|
CVE-2023-36893 | Security Vulnerability |
Released | Aug 8, 2023 |
Assigning CNA | Microsoft |
Impact | Spoofing |
Max Severity | Important |
Exploitability Assessment of Microsoft Outlook Spoofing Vulnerability
Let’s discuss the Exploitability Assessment of Microsoft Outlook Spoofing Vulnerability. At its initial publication, the following table offers an assessment of the vulnerability’s exploitability.
Publicly disclosed | Exploited | Exploitability Assessment |
---|---|---|
No | No | Exploitation Less Likely |
Security Updates
The Security Updates section has two categories: Updates and CVSS Details. Under the Updates menu, you can find details like Release Date, Product Name, Platform, Impact, Maximum Severity, Article, Download Link, and Build Number.
Resolution Status
Let’s discuss the resolution status of the Image-Blocking issue and Read-only Meeting Body in Outlook. The following are the solutions.
Solution for Image-Blocking Issue in Outlook
Let’s see how to resolve the image-blocking issue in Outlook. If the Image is genuine and safe, you can easily download and view the Image. The following are the steps to download the Image.
- Right-click on the Image.
- Choose the option that says “Download Pictures” or “Save as Picture,” depending on your specific Outlook version.
- This way, you can access and view legitimate images without any issues.
Solution for Read-only Meeting Body in Outlook
Let’s see how to fix the Read-only meeting body in Outlook. If the meeting body is now in a read-only mode, you need to take notes or make updates related to the meeting; here are some alternative solutions to consider.
- Take meeting notes in Microsoft Teams
- Take OneNote notes in a meeting
- Create or schedule an appointment
Take Meeting Notes in Microsoft Teams
To efficiently share meeting notes and collaborate with participants, Navigate to your Teams Calendar and Click on the “+ New meeting option” to schedule a meeting. In the “Details” section, choose “Add an agenda others can edit.”
- Proceed to input your agenda, notes, or any tasks associated with the meeting.
- Finally, click Send.
- This will send out the event invitation with the meeting notes conveniently attached.
- This way, participants can access and engage with the content in preparation for the meeting.
Read more – Collaborative Notes in Microsoft Teams Meetings
Take OneNote Notes in a Meeting
You can easily take OneNote notes in a meeting. To take notes during a scheduled meeting in Outlook 2016, follow the below steps. Open the meeting that you have scheduled in Outlook 2016.
- Go to the toolbar and select the Meeting menu
- From the dropdown, choose Meeting Notes
Create or Schedule an Appointment
You can easily create a new appointment in Outlook. The following are the steps to make a new appointment in Outlook. If you’re in your Calendar folder, click “New Appointment” or press Ctrl+N. If you’re in any other folder, press Ctrl+Shift+A.
- Enter the necessary details for your appointment, including the subject, location, start time, and end time.
- Once all the details are filled in, click “Save & Close” to save your appointment.
- Your appointment is now saved in your Outlook calendar; you can access it anytime.
- This is a convenient way to keep track of your schedule and important events.
We are on WhatsApp. To get the latest step-by-step guides, and news, updates, Join our Channel. Click here – HTMD WhatsApp
Author
About the Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.