Microsoft Outlook Denial of Service

Microsoft Outlook is an email client used to send and receive email messages. Recently, SonicWALL received reports of a bug in MS Outlook, wherein a specially crafted email causes it to crash shortly after reading.
The email to contain both text and html portions, as shown below:

CSS Directive Causes MS Outlook To Crash Apr 7 2017 Email Sample

CSS Directive Causes MS Outlook To Crash Apr 7 2017 Email Sample

Retrieving this email via MS Outlook causes a crash as shown:

CSS Directive Causes MS Outlook To Crash Apr 7 2017 Outlook Crash

CSS Directive Causes MS Outlook To Crash Apr 7 2017 Outlook Crash

Debugging Outlook, we see that the crash occurs at wwlib.dll (not necessarily Outlook).

CSS Directive Causes MS Outlook To Crash Apr 7 2017 Crash Only

CSS Directive Causes MS Outlook To Crash Apr 7 2017 Crash Only

This dll is also used by other Office applications such as Word and Powerpoint. This is used for reading and displaying HTML content.
The problem arises with the “!important” directive in the CSS. Upon testing, removing this directive from the email message sent does not cause a crash.

Our Threat Research Team has researched this vulnerability and released following signature to protect their customers.

•IPS 12702 : Microsoft Outlook Denial of Service

 

How IT SUPPORT MIAMI Can Help

IT Support Miami’s Enterprise Managed IT Security Services practice specializes in helping companies with their IT Security needs. IT security is a layered function and IT Support Miami provides a turn key solution including training, social engineering, endpoint, edge, real-time monitoring and reporting, data protect, user management, Managed Wi-Fi and network, and Managed Cloud.  IT Support Miami is an expert in the field with more than15 years in business and has a proven track record of successful managed IT security.

IT Support  Miami – CALL US TODAY! Toll-free: 888-563-6541 | Miami: 305-662-4755 | Fort Lauderdale: 954-418-2245|[email protected] | Instant Tech Support