Make sure your systems are patched as
Microsoft fixes over 50 serious security flawsWe see updates and patches delivered to our systems on a regular basis. These are delivered for us to apply when convenient. The problem is sometimes it is quicker and easier not to apply the updates. Microsoft issue updates for a reason. Failing to apply these when issued can lead to vulnerabilities being exploited and systems compromised. Last week we saw a patch which addressed security holes in Outlook. The hole allows an attacker to run malicious code. Code may be delivered by opening an attachment or visiting a web page. Even viewing an email in a preview pane will be sufficient. Turn off preview panes.
Microsoft have issued their detail on how the hole may be exploited:-
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.More information on the specific patch MS10-064 Vulnerability in Microsoft Office Outlook could allow remote code execution Microsoft apply levels of importance to updates and patches. A language update maybe assigned a non-critical status however this was assigned as critical. Critical updates must be applied. With the coming of GDPR (General Data Protection Regulation) it will be our responsibility to make sure systems are secure. It will become a requirement we apply updates and maintain an audit of updates.