Microsoft -- Finally -- Patches Outlook Password Leak Bug
Microsoft was taking heat this week after it patched a critical bug in Outlook that was identified more than a year ago. The fix was issued this week as part of Microsoft's monthly "Patch Tuesday" release.
The Outlook vulnerability allowed attackers to steal a user's sensitive data, including IP address and Windows login credentials, just by getting the user to preview a Rich Text Format (RTF) email with remotely hosted OLE objects, according to a Hackread story.
CERT Coordination Center analyst Will Dorfman discovered the vulnerability back in November 2016.