Two boring but rather important IT security notices

I know this isn't what these boards are about at all, but these are both new enough (within the prior two days or so of this posting) and bad enough that they warrant attention.

### Severe vulnerability in all versions of Outlook since Outlook 2013

https://thestack.technology/critical-microsoft-outlook-vulnerability-cve-2023-23397/
The short version: the attack allows someone to steal your credentials without you even opening the email. They just need to send it to you. It triggers before it even is drawn in the preview pane.

If you’re on Outlook 2013 or 2016, run Windows Update.
If you’re on Outlook 365, go to file -> office account (down the bottom of the sidebar) -> update options -> update now.

### Severe flaw in some popular google android devices

https://9to5google.com/2023/03/16/google-exynos-modem-vulnerabilities/

>

Tests conducted by Project Zero confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim’s phone number

Affected devices:

  • - Samsung Galaxy phones including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12, and A04 series
  • - Vivo phones including those in the S16, S15, S6, X70, X60, and X30 series
  • - Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro
  • - Any wearables that use the Exynos W920 chipset
  • - Any vehicles that use the Exynos Auto T5123 chipset

  • ___

    Tell your friends / family / colleagues / etc. to update their installs of Outlook, and disable Wi-Fi Calling and VoLTE (if they can) if they have a vulnerable device, for now. There will be patches soon I imagine, and stress the importance of installing those updates when they roll out -- rather than the highly common pattern of dismissing any and all "please update!" notifications on their device.

    Thanks for the heads up.

    security info

    thank you rejj <3

    that google phone one is pretty hardcore since there's no fix yet.

    Woah. My school uses outlook for all school emails. I hope they know about this!