On February 7, 2026, Microsoft disclosed a critical security vulnerability affecting Outlook and Exchange Online that has been actively exploited by attackers. This flaw could allow unauthorized access to email accounts, potentially exposing private messages, attachments, and contact information. While Microsoft is rolling out fixes automatically, there are important steps you should take to protect your account.
Affected products
- Microsoft Outlook Web App
- Exchange Online
- Outlook 2021
How to Fix
Step-by-step remediation
Microsoft is automatically patching cloud-based services like Exchange Online and Outlook.com. However, you should still take these precautionary steps:
1. Change Your Password
   Even if your account wasn't compromised, changing your password invalidates any stolen authentication tokens.
   1. Go to account.microsoft.com
   2. Sign in if prompted
   3. Click 'Security' then 'Password security'
   4. Enter your current password and create a new, strong password
   5. Use a password you haven't used before
2. Enable Two-Factor Authentication (2FA)
   This adds a crucial extra layer of security.
   1. Go to account.microsoft.com/security
   2. Click 'Advanced security options'
   3. Under 'Two-step verification', click 'Turn on'
   4. Follow the setup wizard to add your phone number or authenticator app
3. Review Account Activity
   1. Go to account.microsoft.com/security
   2. Click 'View my activity'
   3. Look for any logins from unfamiliar locations or devices
   4. If you see suspicious activity, click 'Secure your account'
4. Check Email Rules
   1. Open Outlook (web or desktop)
   2. Go to Settings > Mail > Rules
   3. Look for any rules you didn't create, especially forwarding rules
   4. Delete any suspicious rules immediately
5. Review Connected Apps
   1. Go to account.microsoft.com/security
   2. Click 'Manage consent'
   3. Review apps with access to your account
   4. Remove any you don't recognize
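Step 4 (checking for forwarding rules) can also be done for a whole organization from the audit trail rather than one inbox at a time. The detector below is an added example, not code from the article or from Microsoft: it scans constructed Exchange audit records for inbox rules and mailbox settings that forward, redirect, or silently delete mail. The record shape (Operation, UserId, and Parameters as Name/Value pairs) is an assumption modeled on the AuditData that Exchange Online writes to the unified audit log; adjust the field names to match your export.

```python
import json
from typing import Iterable

# Rule parameters that copy or divert mail out of the mailbox, and the
# operations that set them. Names follow the Exchange cmdlet parameters.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
MAILBOX_FORWARDING = ("ForwardingSmtpAddress", "ForwardingAddress")

def rule_findings(records: Iterable[dict]) -> list[dict]:
    """Return one finding per audit record that creates or changes forwarding."""
    findings = []
    for rec in records:
        op = rec.get("Operation", "")
        # Parameters arrive as a list of {"Name": ..., "Value": ...} pairs (assumed shape).
        params = {p.get("Name"): p.get("Value") for p in rec.get("Parameters", [])}
        reasons = []
        if op in RULE_OPERATIONS:
            for name in sorted(FORWARDING_PARAMS.intersection(params)):
                reasons.append(f"{name}={params[name]}")
            # A rule that also deletes the message hides the copy from the owner.
            if str(params.get("DeleteMessage", "")).lower() == "true":
                reasons.append("DeleteMessage=True")
        elif op == "Set-Mailbox":
            for name in MAILBOX_FORWARDING:
                if params.get(name):
                    reasons.append(f"{name}={params[name]}")
        if reasons:
            findings.append({"time": rec.get("CreationTime"), "user": rec.get("UserId"),
                             "operation": op, "rule": params.get("Name"), "reasons": reasons})
    return findings

def parse_audit_lines(lines: Iterable[str]) -> Iterable[dict]:
    """Parse one JSON audit record per non-empty line (an AuditData export)."""
    for line in lines:
        if line.strip():
            yield json.loads(line)

# Constructed sample export, not real tenant data. The first and third records
# divert mail to an external address; the second is an ordinary filing rule.
SAMPLE_LOG = """
{"CreationTime": "2026-02-06T03:12:44", "Operation": "New-InboxRule", "UserId": "alice@example.com", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "archive@example.net"}, {"Name": "DeleteMessage", "Value": "True"}]}
{"CreationTime": "2026-02-06T09:01:10", "Operation": "New-InboxRule", "UserId": "bob@example.com", "Parameters": [{"Name": "Name", "Value": "Newsletters"}, {"Name": "MoveToFolder", "Value": "News"}]}
{"CreationTime": "2026-02-06T11:40:02", "Operation": "Set-Mailbox", "UserId": "carol@example.com", "Parameters": [{"Name": "Identity", "Value": "carol"}, {"Name": "ForwardingSmtpAddress", "Value": "smtp:mail@example.net"}]}
"""

def scan_sample() -> list[dict]:
    """Run the detector over the embedded sample and return its findings."""
    return rule_findings(parse_audit_lines(SAMPLE_LOG.splitlines()))
```

A rule named with a single character, as in the first sample record, is a common sign of a rule created to avoid notice; review any match by hand before removing it.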
What happened
Email is the gateway to our digital lives. It's where we receive password reset links, bank statements, medical records, and personal communications. This vulnerability essentially left a backdoor open to your inbox.
The flaw exists in how Outlook and Exchange handle authentication tokens - the digital 'keys' that prove you're logged in. Normally, these tokens are carefully protected. But this bug allowed attackers to forge fake tokens that the email servers accepted as genuine.
In practical terms, this means an attacker could:
- Read all your emails without knowing your password
- Send emails as you
- Access your contacts and calendar
- Download attachments
- Set up email forwarding rules to secretly copy your messages
The attack requires the attacker to be on the same network as Microsoft's servers or to have already compromised a related system, which limits casual exploitation but not determined attackers.
Real-World Impact
Microsoft's threat intelligence team has confirmed this vulnerability has been used in targeted attacks against:
- Government agencies in multiple countries
- Defense contractors and military suppliers
- Large corporations in the energy and finance sectors
- Journalists and human rights organizations
The attacks appear to be the work of sophisticated state-sponsored groups rather than ordinary cybercriminals. However, now that the vulnerability is public, less sophisticated attackers may attempt to exploit unpatched systems.
Victims have reported emails being read, forwarding rules being set up to copy messages to external addresses, and in some cases, emails being deleted to cover tracks.
Technical Details
"Email compromise remains one of the most impactful security incidents an individual or organization can face. This vulnerability underscores why defense-in-depth matters - even Microsoft's systems can have flaws, which is why additional protections like MFA are essential." - Cybersecurity and Infrastructure Security Agency (CISA)
🛡️ Prevention Tips
To better protect your email account going forward:
1. Always use two-factor authentication - It's the single most effective protection against account compromise
2. Use a strong, unique password - Consider a password manager to generate and store complex passwords
3. Be suspicious of login alerts - If you receive a 'new sign-in' notification you don't recognize, act immediately
4. Check your email rules regularly - Attackers often set up forwarding rules to maintain access even after passwords are changed
5. Consider email encryption - For sensitive communications, tools like S/MIME or PGP add extra protection
6. Keep your software updated - Desktop Outlook should be running the latest version
7. Use Microsoft Defender - It can detect suspicious account activity and phishing attempts
FAQs
How do I know if my account was accessed?
Check your recent activity at account.microsoft.com/security. Look for logins from unfamiliar locations, devices, or at times when you weren't using email. Also check for email rules you didn't create and messages in your Sent folder that you didn't send.
I use Gmail/Yahoo/iCloud - am I affected?
No. This vulnerability only affects Microsoft email services (Outlook.com, Office 365, Exchange). Other email providers have separate systems and are not affected by this specific flaw.
Should I stop using Outlook?
No. Microsoft has already patched the vulnerability for cloud services, and the fix for desktop Outlook is being distributed through Windows Update. With the patch applied and 2FA enabled, Outlook remains secure.
Can attackers still read my old emails?
If your account was compromised before the fix, attackers may have copied your emails. Changing your password prevents future access but doesn't delete copies they may have made. If you're concerned about specific sensitive information, consider it potentially exposed.
My company uses Microsoft 365 - what should I do?
Contact your IT department. They should be aware of the vulnerability and implementing organization-wide protections. They may require all employees to reset passwords or enable additional security measures.
Last updated: February 7, 2026