Microsoft Office Outlook Spoofing Vulnerability via Deserialization of Untrusted Data

Vulnerability

A spoofing vulnerability has been identified in Microsoft Office Outlook, stemming from the deserialization of untrusted data. This issue allows an unauthorized attacker to manipulate data over a network, potentially leading to credential disclosure by triggering an outbound NTLM authentication attempt to an attacker-controlled server. The vulnerability affects multiple Microsoft Office products, including Outlook, Word, SharePoint Server, and various Office LTSC versions for Mac and Windows.

Impact

Exploitation of this vulnerability could lead to unauthorized spoofing over the network, with a heightened risk of credential disclosure.

Remediation

Users are advised to update to the latest security patches available for their version of Microsoft Office. Security update details can be found in the Microsoft Office Security Update Guide.

Added: Feb 10, 2026, 6:34 PM
Updated: Feb 11, 2026, 1:53 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 2.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.