The name of the base system (platform): | Microsoft Office |
Developers: | Microsoft |
Last Release Date: | 2020/07/15 |
Branches: | Internet services |
Technology: | Office Applications, Mail Server |
Content |
Main article: E-mail
In addition to email client functions for working with e-mail, Microsoft Outlook is a full-fledged organizer that provides calendar, task scheduler, notebook and contact manager functions. Outlook also allows you to track your work with Microsoft Office documents to automatically create a work diary.
Outlook can be used as a separate application, as well as act as a client for the Microsoft Exchange Server mail server, which provides additional functions for the collaboration of users of the same organization: shared mailboxes, task folders, calendars, conferences, scheduling and reserving time for shared meetings, and document coordination. Microsoft Outlook and Microsoft Exchange Server are a platform for organizing document flow, since they are provided with a system for developing user plugins and scripts with which it is possible to program additional document flow functions (and not only document flow) that are not provided in the standard package.
2024: Critical vulnerability detected in Microsoft Outlook email client
FSTEC and NCCCI noted in their warnings a dangerous vulnerability in Microsoft Outlook, which received the code BDU:2024-01322[1]. Fixes were published for her in mid-February on the day of the monthly release of information about vulnerabilities, which is centrally satisfied with Microsoft. According to the classification, the vulnerability received a level of 9.8 out of 10 according to the CVSS 3 standard. Email client included in Microsoft Office 2016, Microsoft 365 Apps for Enterprise and Microsoft Office 2019 will be affected. Updates have been released for all versions. The vulnerability even got its own name - MonikerLink.
In accordance with the FSTEC warning, exploitation of the vulnerability can allow an attacker acting remotely to execute arbitrary code by opening a specially crafted URL by the user.[2] Point, the mail client incorrectly processes URIs with alternative protocols. In particular, when using the file protocol ("file ://"), you can download files from external servers and execute them. This attack also allows you to organize a leak of NTLMv2 hashes. Thus, Outlook users are advised not to click on links received in email messages.
It should be noted that at some point the vulnerability was marked 'exploited in wildlife', although a day later it was placed on another vulnerability - in Microsoft Exchange, and MonikerLink was removed. However, after a while, the source code of the exploit was published on GitHub by Alexander Hagenach from the Swiss company SIX Group. Most likely, the vulnerability in the very near future can be massively exploited in spam mailings and attacks through contractors.
2023
Attack by companies around the world through 750 million fake Microsoft accounts
On December 13, 2023, Microsoft announced the elimination of the American infrastructure of a cybercriminal group called Storm-1152. It is alleged that the attackers created approximately 750 million fake Microsoft accounts, which were then used to organize all kinds of fraudulent schemes.
The investigation found that Storm-1152 managed a number of resources that sold fake Microsoft Outlook accounts and specialized tools to bypass CAPTCHA computer tests. The illegal activity is said to have generated millions of dollars in income for the perpetrators. At the same time, victims of fraudulent schemes suffered even greater losses. Fake accounts created by the efforts of the Storm-1152 were used to organize attacks by several teams of attackers, including Scattered Spider.
Microsoft has received a federal court order from the Southern District of New York to seize Storm-1152 infrastructure in the United States and disable malicious websites. In particular, the Hotmailbox.me site was closed, through which fake Microsoft Outlook accounts were distributed. In addition, access to Storm-1152 pages on social networks is blocked. The sites 1stCAPTCHA, AnyCAPTCHA and NoneCAPTCHA were closed, making it easier to create malicious tools and sell services to deceive CAPTCHA services. These sites offered tools to bypass verification on a variety of technology platforms.
As part of the investigation, it was possible to identify the identities of the cybercriminals who led the operations. They turned out to be Duong Dinh Tu, Linh Van Nguyễn, also known as Nguyen Van Lin, and Tai Van Nguyen, living in Vietnam. They wrote program code, published detailed step-by-step instructions on the use of malicious tools, etc.[3]
Service hacking. European government, military and energy companies hit
In mid-March 2023, Microsoft announced a prolonged cyber attack targeting the Outlook email service. The victims of hackers were government, military, transport and energy companies in Europe.
According to CNN, citing a Microsoft report, attackers exploited a previously unknown vulnerability in email software. The attacks were carried out between April and December 2022. During the intrusions, hackers first stole Outlook credentials, and then used them to horizontally move them in victims' networks and to change access rights to mailbox folders. This tactic made it possible to exfiltrate e-mail from certain sections of certain accounts.
According to BleepingComputer, during the invasions, cybercriminals exploited the CVE-2023-23397 vulnerability, which Microsoft fixed on March 14, 2023. This critical flaw allows you to elevate privileges in Outlook. The issue affects all supported versions of Outlook for Windows, but does not apply to client modifications for Android, iOS and macOS.
An attacker can exploit this vulnerability by sending a specially created email that is processed automatically by the Outlook client upon receipt. This can lead to hacking even before the message is opened in the preview area, says Microsoft's security bulletin. |
Behind the wave of attacks on Outlook, BleepingComputer notes, may be the cybercriminal group APT28, also known as Strontium, Sednit, Sofacy and Fancy Bear. According to Microsoft, "less than 15 organizations" suffered from the actions of attackers. Nothing is said about the amount of information stolen during the invasions.[4][5]
2020
In the top 50 largest Internet sites in the world
Microsoft blocks UN secretary general's press secretary's mail because it has too many words' violence 'and' attack'
Presentation of additional tools for working time management
On July 15, 2020, Microsoft announced the development of additional tools for effective time planning in Microsoft Outlook that will maintain a work-life balance.
- Easily search for meeting materials in Outlook for Android. Messages from the mail and files that may be related to the meeting will be automatically added to the meeting information. Easily searching for materials needed to hold a meeting will allow you to spend less time preparing for the meeting.
- Opportunities to manage meeting invitations. The inbox will now display more information about the meeting, such as a list of invitees and those who have confirmed participation. In addition, it will be possible to invite additional participants if the meeting organizer forgot to add someone.
- Connect to online meetings based on other platforms. Microsoft Outlook has already provided convenient integration with Teams, but some people receive invitations to online meetings using other services. For the convenience of users, an option has been added to connect to online meetings on other platforms from the mobile version of Outlook in one touch.
- Automatically add a link to an online meeting to Microsoft Teams. To always be able to join a meeting remotely, you can configure the option to add a meeting link to Microsoft Teams by default using Outlook Mobile and Web Services.
- Displays the personal and work calendar in the same window. The personal calendar in Outlook will now be displayed in the same window as the worker, so that the user can schedule work meetings based on the personal schedule.
- The option to share the schedule in one click. Soon, in the mobile version of Outlook, when invited to a meeting, a button will appear that will allow you to send your schedule to the organizer in one click to schedule the meeting.
- Schedule for e-mail delivery. To help people avoid the need to be "always in touch," added the ability to schedule the delivery of emails at the right time.
- Ability to delay reading a message. In order for users to process email messages at a convenient time for them, it will be possible to "postpone" them with the right mouse button so that they return to the top of the inbox when you need them.
- Quickly create tasks from e-mail messages. Microsoft Outlook now has a function to add mail messages that carry an action item as a task. These tasks will use the same subject line and include a link to the message chain in Outlook for quick information.
- Assigning time to perform tasks. The function will allow you to book time in the schedule for tasks that must be done in advance.
- Add breaks to your appointment schedule. Now you can set up the ability to end appointments 5-10 minutes earlier in order to take short breaks.
Synchronization with 1C: Document Flow calendar
The company's team 1C-KPD"" on July 2, 2020 announced the expansion of the functionality 1C: Document Flow"" using the calendar synchronization module "1C: Document Flow" MS and Outlook. here More.
2019
Integration with Samsung Galaxy Note10
Microsoft warned about hacking accounts of some Outlook users
Unknown attackers hacked into the account of a Microsoft technical support employee and for several months had access to the accounts of users of the Outlook mail service. Criminals could view email addresses, folder names, topics, but not the contents of letters and attachments.
According to TechCrunch, the compromise took place between January 1 and March 28, 2019. Among the victims are users of the services @ outlook.com, @ hotmail.com, @ msn.com, the incident did not affect corporate users. The company did not disclose data on the region and the number of affected users, but TechCrunch suggests that some of the hacked accounts belong to the EU countries. The tech giant also did not say how exactly the attackers were able to hack into the account of a technical support employee. This account is already disabled.
Although attackers were unable to access credentials and other personal information, as a precaution, Microsoft recommends that all users reset their passwords.
2018
Update for iOS with mail sorting
On December 5, 2018, Microsoft introduced an update to the Outlook mobile application for iOS. According to the company, the updated design is designed to make it easier for users to work with mail.
The updated application is created so that the user can print and enter data less, and fully focus on the most important thing, without losing basic information from the view.
Outlook has the next colors. The colors of the title and font help the user find Outlook among many monochrome applications. All versions of the program are united by a single design, which is used for mobile mail, search and calendar. The user recognizes the blue header of the application, regardless of whether it is using a mobile version or running on a PC.
Outlook is a native iOS application, so it uses a native font and design that is suitable for an iPhone or iPad. Too large and bold should not negatively affect the user experience. That is why scrolling dynamically reduces the size of the header, leaving maximum space for the message list, and the user can quickly find what he is looking for.
The functions of mail sorting (Focused Inbox) and filtering the list of messages have been added. In your personal account, the application uses the user's avatar, and if mail combines several accounts and calendars, then prompts in your personal account will help you switch between them. Contacts also have bright, noticeable avatars so that you can quickly determine from whom the message came, select the necessary contacts in the search or participants in the invitations to the meeting.
In the calendar of the Outlook mobile application, contacts, dates and places suitable for the context were brought to the fore in the context menu so that the user could navigate the options, finding the time and place without having to print.
Test an updated web version of Outlook
On September 6, 2018, it became known that Microsoft is starting to test an updated web version of Outlook, in which artificial intelligence will offer the user answers to letters and look for conference rooms for meetings. The service also received the ability to interact with other applications and group work of users.
Starting in mid-September 2018, Microsoft will give Targeted Release members the opportunity to get acquainted with an early version of the web version of Outlook, in which the company has made a number of changes.
The updated Outlook consists of three modules - Mail, Calendar and People. The web version contains a search string with a predictive mechanism that helps the user find the necessary materials based on his recent conversations and taking into account which people he most often contacts.
To make it easier for the user to find a file attached to an email, a special Files module was added to Outlook. The module shows all files sent and received during correspondence. Under Favorites, files from important contacts will be visible. There is such a heading not only for Files, but also for the entire Outlook - you can add the most important contacts there so as not to miss letters from them, Microsoft emphasized.
The process of creating events in the calendar was also simplified - using updated icons that allow you to quickly identify the event and see the proposed locations in order to determine the exact address.
As the developer noted, an intelligent mechanism was built into the Inbox folder, which offers the user suitable answers to the received letters. From the list of options, you can select a short answer and send it in a couple of clicks, having previously edited or dispensed with it. Also, an intelligent mechanism can help the user find a suitable conference room to meet based on the number of participants, room availability, and user preferences.
This version of Outlook has made it easier to access add-ins. The user will have access to frequently used applications directly from the Inbox, which will allow him to quickly save letters to a notebook, translate them into various languages or send payments to other users. From the Inbox, there is access to such popular applications and services as Boomerang, Evernote, GIPHY, Gfycat, Microsoft Translator, MojiLaLa, PayPal, Trello and others, noted in Microsoft.
If the user has already used any e-mail applications in the previous version of Outlook, these applications will be displayed next to the suggested actions or in the drop-down menu when opening the e-mail. From the Office Store, you can install additional add-ins - just open the letter, click on the drop-down menu and select Get add-ins. After installing the add-in, it appears in the drop-down menu. Those that are often used can be fixed.
Also in the updated Outlook, as the developer noted, there are advanced tools for group work. The creation of groups has become easier, group cards contain more information, letters are sorted by groups more efficiently. Additional functions have also appeared - group files and group management in the People module.
Group cards are available from anywhere inside Outlook, which allows you to view information about group members, navigate group applications, and group resources such as Files, Scheduler, or SharePoint site.[6]
2015
400 million active users
According to Microsoft statistics, by the end of September 2015, there are 400 million active users in the world Outlook.com
How to save time with Outlook
What happens if you combine effective time management techniques and Office tools?
(Information is current as of March 2015)
European Parliament: remove Outlook for iOS and Android and change your password
The European Parliament's IT department blocked Members of Parliament (EP) in February 0215 from accessing Microsoft's newly released new Outlook apps for iOS and Android, explaining this by the need to ensure privacy and protect the privacy of users. "Please do not install these applications, and if you have already done for your corporate (EP) email, please immediately delete them and change your password," says the Information Letter of the Parliamentary Technical Service (DG ITEC, Directorate-General for Innovation and Technological Support)[7].
Recall that the new Outlook for iOS and Android are applications that were called Acompli Email two months ago. In December last year, Microsoft acquired Acompli startup for $200 million, as a result, the products of this developer received a new name (the Android application is still presented as a preliminary version). According to Microsoft, they should replace existing Outlook Web App applications and become a mobile client for all Office 365 users. In fact, the new Oullook for mobile OS is a single mailbox for various mail services, including third-party providers - Exchange, Outlook, iCloud, Google and Yahoo. In the future, Microsft intends to develop the functionality of the product through the joint efforts of the development teams of Outlook and the former Acompli.
DG ITEC explains its decision to ban the new Outlook by the fact that this application sends user password information to Microsoft without notifying the user of this, and the mail messages themselves are stored in a certain third-party cloud service that is located in all fields of control by the European Parliament. Note that this is not the first case of refusal to use Microsoft cloud applications, similar solutions are already known from two universities (in the USA and in Holland).
However, it is not clear from the DG ITEC letter: does the parliament's IT service oppose the use of Microsoft applications or against the use of an external postal service at all? After all, if you use public cloud services (namely, through them you receive the services of mail providers), then in any case, information about accounts (including logins and passwords) and mailboxes are stored on the supplier's servers.
2012: Microsoft Outlook 15: New Details
On March 20, 2012, a publication appeared on Paul Thurrott's Supersite for Windows with new details of the Microsoft Outlook 15 functional device and its graphical interface.
If earlier, to work with mail on Hotmail and social networks (Facebook, LinkedIn, etc.), you had to install additional components of Outlook Connector and Social Connector, respectively, now these functions will become part of the basic version of the application.
Peeks (from the English - quick look) will allow you to quickly view components built into Outlook, for example, calendars or tasks, without leaving the active window.
Some Peeks are context-sensitive, providing the user with potentially useful information depending on the actions currently taking place. So when creating a new message, now Outlook will not only offer to substitute a contact in the "To" field, but also display information about the addressee from social networks and the contact book at the bottom of the interface. By the way, the Contacts module will receive a new name - People, the name of its analogue in the Russian-language version is understandably still unknown.
The developers of Outlook 15 have rethought working with message chains; to respond to an email, you no longer need to open a new window - messaging began to resemble a feed in forums or the same social networks.
A panel with weather information will appear in the calendars. Definitely a useful feature, it is not clear only what prevented Microsoft from implementing it a few years ago.
Outlook 15 will be part of the Office 15 suite, which is expected to be released towards the end of the year. About this time, the release of OCWindows 8 is scheduled, obviously, the Microsoft office suite will fully support the features of the Metro GUI and touch input on mobile devices. Some selected groups of testers have already received the software at their disposal, public testing of the popular e-mail application should begin this summer.
Notes
- ↑ BDU:2024-01322
- ↑ According to THE RISKS OF THE# MONIKERLINK BUG IN MICROSOFT OUTLOOK AND THE BIG PICTURECheck
- ↑ Disrupting the gateway services to cybercrime
- ↑ [1] Russian hackers targeted European military and transport organizations in newly discovered spying campaign Microsoft fixes Outlook zero-day used by Russian hackers since April 2022
- ↑ [2]
- ↑ Microsoft prepares Outlook with artificial intelligence that will respond to letters
- ↑ New mobile Outlook applications are blocked for European parliamentarians