FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body

Let’s learn about fixing Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body. Due to the Microsoft Outlook Spoofing Vulnerability released on August 8, 2023, images are blocked, and the meeting body remains read-only in Outlook Desktop when calendar items are from other senders.

Microsoft Outlook Spoofing Vulnerability leads to specific consequences for Outlook Desktop users. This vulnerability has resulted in a series of preventive measures being implemented.

Consequently, images are blocked, and the meeting body is set to read-only for calendar items originating from senders outside the User’s organization. This measure enhances security and prevents potential exploits from spoofed emails or malicious content.

The Outlook Team is currently working on a plan to fix the problem with editing received meetings. Microsoft will provide more details about how and when they will do this once they have the information. Microsoft planned to release a non-policy registry key in the update on 10/10/23. The Outlook Team has decided not to remove the registry key solution.

Patch My PC

Are you having trouble accessing links in Outlook? Our article has simple solutions to fix restricted access to FQDN and IP hyperlinks. We have written an article that helps you solve two common issues in the Outlook app. One problem is when Outlook asks to reopen your last session; the other is the FIX Slow Attachment Saving Issue in the Outlook App. This 2 article provides easy steps to fix these problems.

What is Microsoft Outlook Spoofing Vulnerability?

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body

The Microsoft Outlook Spoofing Vulnerability was released on August 8, 2023. A security flaw potentially allows malicious actors to impersonate legitimate senders in Outlook Desktop. As a response, security measures have been implemented to safeguard users.

How Does this Vulnerability Affect Outlook Desktop Users?

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body

As a result of this vulnerability, Outlook Desktop has introduced specific security measures. When receiving calendar items from senders other than the meeting organizer, images within these items are blocked, and the meeting body is set to a read-only state.

Why are Images Blocked in Calendar Items from Non-Organizer Senders?

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body 1

Images within calendar items from non-organizer senders are blocked to prevent potential spoofing attacks and unauthorized access to sensitive information. This security measure aims to protect users from malicious content embedded in images that could exploit the vulnerability.

Adaptiva

Is the Preview Pane an Attack Vector for this Spoofing Vulnerability?

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body

No, the Preview Pane is not an attack vector.

What Type of Information could be Disclosed by this Vulnerability?

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body

Exploiting this vulnerability could allow the disclosure of NetNTLMv2 hashes.

According to the CVSS Metric, User Interaction is Required (UI:R). What Interaction would the User have to Do?

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body

This vulnerability requires a user with an affected version of Outlook to open a malicious meeting or appointment invite from the attacker.

Image Blocking and Read-Only Meeting Body in Outlook | Microsoft Outlook Spoofing Vulnerability

Let’s discuss the Image Blocking and Read-Only Meeting Body in Outlook. In response to the Microsoft Outlook Spoofing Vulnerability, users may experience Image blocking and encounter a read-only meeting body in their Outlook application.

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body - Fig.1
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.1

Issues Related to Image Blocking and Read-Only Meeting Body in Outlook

After the security update in Outlook, there are 2 critical changes when you get meeting requests from anyone, whether inside or outside your organization. These security improvements are essential for reducing the chances of problems caused by the Microsoft Outlook Spoofing Vulnerability.

  • Read-Only Meeting Content
  • Blocking of Images

Read-Only Meeting Content

The recipient will now have limited control over the meeting content. Making changes to the body of the meeting or attaching files to it is no longer possible. This read-only mode ensures that the meeting information remains intact and secure.

Blocking of Network Path Images

Let’s learn the blocking of network path images. Images in the meeting message that come from network locations like UNC shares (\server), file share paths (File://server), or external web addresses (https://) are not allowed.

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body - Fig.3 - Creds to MS
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.3 – Creds to MS

Effect of Outlook Desktop Security Updates on Image and Meeting Content

The installation of the Outlook Desktop security updates on August 8, 2023, brings about notable changes in how images and meeting content are handled. The recipients will find that images sourced from network paths or specific URLs are now blocked.

  • Additionally, the meeting content is set to a read-only mode. It helps you to prevent any modifications to the body or the attachment of files.
Microsoft Outlook Spoofing VulnerabilityDetails
CVE-2023-36893Security Vulnerability
Released Aug 8, 2023
Assigning CNAMicrosoft
ImpactSpoofing
Max SeverityImportant
Image Blocking and Read-Only Meeting Body in MS Outlook | Spoofing Vulnerability – Table 1
Image Blocking and Read-Only Meeting Body in MS Outlook | Spoofing Vulnerability - Fig.4 - Creds to MS
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.4 – Creds to MS

Exploitability Assessment of Microsoft Outlook Spoofing Vulnerability

Let’s discuss the Exploitability Assessment of Microsoft Outlook Spoofing Vulnerability. At its initial publication, the following table offers an assessment of the vulnerability’s exploitability.

Publicly disclosedExploitedExploitability Assessment
NoNoExploitation Less Likely
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Table 2
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body - Fig.5 - Creds to MS
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.5 – Creds to MS

Security Updates

The Security Updates section has two categories: Updates and CVSS Details. Under the Updates menu, you can find details like Release Date, Product Name, Platform, Impact, Maximum Severity, Article, Download Link, and Build Number.

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body - Fig.6 - Creds to MS
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.6 – Creds to MS

Resolution Status

Let’s discuss the resolution status of the Image-Blocking issue and Read-only Meeting Body in Outlook. The following are the solutions.

Solution for Image-Blocking Issue in Outlook

Let’s see how to resolve the image-blocking issue in Outlook. If the Image is genuine and safe, you can easily download and view the Image. The following are the steps to download the Image.

  • Right-click on the Image.
  • Choose the option that says “Download Pictures” or “Save as Picture,” depending on your specific Outlook version.
  • This way, you can access and view legitimate images without any issues.
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body - Fig.7 - Creds to MS
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.7 – Creds to MS

Solution for Read-only Meeting Body in Outlook

Let’s see how to fix the Read-only meeting body in Outlook. If the meeting body is now in a read-only mode, you need to take notes or make updates related to the meeting; here are some alternative solutions to consider.

  • Take meeting notes in Microsoft Teams
  • Take OneNote notes in a meeting
  • Create or schedule an appointment

Take Meeting Notes in Microsoft Teams

To efficiently share meeting notes and collaborate with participants, Navigate to your Teams Calendar and Click on the “+ New meeting option” to schedule a meeting. In the “Details” section, choose “Add an agenda others can edit.”

  • Proceed to input your agenda, notes, or any tasks associated with the meeting.
  • Finally, click Send.
  • This will send out the event invitation with the meeting notes conveniently attached.
  • This way, participants can access and engage with the content in preparation for the meeting.

Read moreCollaborative Notes in Microsoft Teams Meetings

FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body - Fig.8
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.8

Take OneNote Notes in a Meeting

You can easily take OneNote notes in a meeting. To take notes during a scheduled meeting in Outlook 2016, follow the below steps. Open the meeting that you have scheduled in Outlook 2016.

  • Go to the toolbar and select the Meeting menu
  • From the dropdown, choose Meeting Notes
Image Blocking and Read-Only Meeting Body in MS Outlook | Spoofing Vulnerability - Fig.7 - Creds to MS
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.9 – Creds to MS

Create or Schedule an Appointment

You can easily create a new appointment in Outlook. The following are the steps to make a new appointment in Outlook. If you’re in your Calendar folder, click “New Appointment” or press Ctrl+N. If you’re in any other folder, press Ctrl+Shift+A.

  • Enter the necessary details for your appointment, including the subject, location, start time, and end time.
  • Once all the details are filled in, click “Save & Close” to save your appointment.
  • Your appointment is now saved in your Outlook calendar; you can access it anytime.
  • This is a convenient way to keep track of your schedule and important events.
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body - Fig.9
FIX Spoofing Vulnerability with Outlook Image Blocking and Read-Only Meeting Body – Fig.9

Images are blocked, and meeting body is read only in Outlook Desktop if calendar items are from other senders for Microsoft Outlook Spoofing Vulnerability released August 8, 2023 – Microsoft Support

We are on WhatsApp. To get the latest step-by-step guides, and news, updates, Join our Channel. Click here РHTMD WhatsApp

Author

About the Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.