Microsoft Outlook has a new ‘critical’ flaw that spreads malware easily

By Judy Sanhz
Published January 17, 2025

In a security alert, Microsoft warned users how easy it is for hackers to distribute malware using its Outlook email client. Microsoft has already released a patch for the CVE-2025-21298 use-after-free vulnerability and urges users to apply it immediately.

Microsoft gave the vulnerability a severity score of 9.8 (critical): the bug uses memory that has already been freed, which can corrupt valid data or let an attacker deliver malware remotely. The bug is in the Windows Object Linking and Embedding (OLE) function, which lets you embed and link to documents and other objects, such as adding an Excel chart to a Word document. It’s so dangerous that you can become infected just by previewing the specially crafted email.

Microsoft said in the security warning, “Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine.”

If you can’t apply the patch at the moment, Microsoft encourages you to apply mitigations such as viewing your emails as plain text in large LAN networks and turning off or restricting NTLM traffic altogether. What happens when you view your emails in plain text? Basically, all animation, images, and different fonts are removed. Your emails won’t look as stylish in plain text, but this way, you can avoid loss of customers, business disruptions, and possibly regulatory fines.
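The plain-text mitigation can be checked and applied per user from PowerShell. This is an added example, not code from the article or from Microsoft; it assumes Outlook 2016 or later (Office registry key `16.0`), the `ReadAsPlain` value under Outlook's mail options key, and that a value under the `Policies` branch takes precedence over the user's own setting. The function name `Get-ReadAsPlainState` is hypothetical.

```powershell
# Added example: audit and optionally enable Outlook's "read mail as plain text" setting.
# Assumption: Office key "16.0" (Outlook 2016/2019/365); pass -OfficeVersion for other builds.
param(
    [string]$OfficeVersion = '16.0',
    [switch]$Enforce
)

$valueName = 'ReadAsPlain'
$paths = [ordered]@{
    Policy = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
    User   = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
}

function Get-ReadAsPlainState {
    # Report the raw value and whether it enables plain-text reading, per scope.
    foreach ($scope in $paths.Keys) {
        $item = Get-ItemProperty -Path $paths[$scope] -Name $valueName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Scope   = $scope
            Value   = if ($null -ne $item) { $item.$valueName } else { $null }
            Enabled = ($null -ne $item -and $item.$valueName -eq 1)
        }
    }
}

$state  = @(Get-ReadAsPlainState)
$policy = $state | Where-Object { $_.Scope -eq 'Policy' }
$user   = $state | Where-Object { $_.Scope -eq 'User' }
$state | Format-Table Scope, Value, Enabled -AutoSize

# Assumed precedence: a policy value, when present, wins over the user's choice.
$effective = if ($null -ne $policy.Value) { $policy.Enabled } else { $user.Enabled }

if ($effective) {
    Write-Output 'Plain-text reading is already in effect for this user.'
} elseif (-not $Enforce) {
    Write-Warning 'Plain-text reading is OFF. Re-run with -Enforce to enable it.'
} elseif ($null -ne $policy.Value) {
    Write-Warning 'A policy value turns plain-text reading off; change it in Group Policy.'
} else {
    # Create the key only if missing: New-Item -Force on an existing key wipes its values.
    if (-not (Test-Path $paths.User)) { New-Item -Path $paths.User -Force | Out-Null }
    New-ItemProperty -Path $paths.User -Name $valueName -Value 1 -PropertyType DWord -Force | Out-Null
    Write-Output 'ReadAsPlain set to 1. Restart Outlook for the change to apply.'
}
```

Run it without arguments to audit only; the setting is a stopgap until the patch is installed, not a replacement for it.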

No app is perfect, and you’ll come across issues sooner or later. Even Outlook has common problems, but if you’re facing some basic issues, we’ve got you covered on how to fix them. This isn’t the first major issue Outlook has faced; a while back, hackers were able to view emails.
