Actively exploited in the wild
Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft — Outlook · Listed in the CISA KEV since 2023-07-11. This indicates confirmed attacks in production environments.
Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
CVE-2023-35311
High · CVSS 8.8 · KEV
Exploitation Probability (EPSS)
Very high risk · 96th percentile — higher than 96% of all known CVEs
Summary
A vulnerability in Microsoft Outlook allows for a security feature bypass, potentially leading to unauthorized access to user data.
Risk Assessment
Organizations may be exposed to data leaks and other attacks that could exploit this vulnerability to gain access to sensitive information.
Recommendation
It is recommended to update Microsoft Outlook to the latest version to patch this vulnerability and to monitor systems for unauthorized access.
Original NVD description (English source)
Microsoft Outlook Security Feature Bypass Vulnerability

