Full Report
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]
Analysis Summary
# Vulnerability: Classic Outlook Email Delivery Failure (NDR Errors)
## CVE Details
- **CVE ID**: N/A (Functional Bug/Service Degradation)
- **CVSS Score**: N/A
- **CWE**: N/A
## Affected Systems
- **Products**: Microsoft Classic Outlook
- **Versions**: All versions of Classic Outlook utilizing Outlook.com accounts.
- **Configurations**:
- Outlook.com accounts linked to another Exchange account within the same profile.
- Situations where the sender’s account has an Exchange Online mail contact with an identical SMTP address.
## Vulnerability Description
This was a functional logic error within the interaction between Classic Outlook and the Outlook.com service. The bug triggered Non-Delivery Reports (NDRs) when users attempted to send or reply to emails. Technical error codes generated included **0x80070005-0x0004dc-0x000524**, typically accompanied by a "permission denied" or "message could not be sent" warning. The flaw was server-side, related to how the service validated sending permissions for linked accounts.
## Exploitation
- **Status**: Not exploited (Functional service issue).
- **Complexity**: N/A
- **Attack Vector**: N/A
## Impact
- **Confidentiality**: None
- **Integrity**: None
- **Availability**: Medium (Directly impacts the core functionality of email delivery for affected users).
## Remediation
### Patches
- **Server-Side Fix**: Microsoft implemented a service change to address this issue. The fix was fully deployed into production as of **April 3, 2026**. No manual software update is required for the fix to take effect, though restarting the client is recommended.
### Workarounds
If issues persist despite the server-side fix, Microsoft recommends:
- **Client Migration**: Use the "New Outlook" client or access Outlook via the web (Outlook.com).
- **Address Book Update**: Manually download the Outlook Address Book for any affected Outlook.com accounts to refresh synchronization.
## Detection
- **Indicators of Compromise**: N/A
- **Detection Methods**: Users will receive NDRs containing error code `0x80070005-0x0004dc-0x000524` and the message: *"This message could not be sent. Try sending the message again later or contact your network administrator."*
## References
- [Support Document: Classic Outlook Error When Sending From Outlook.com] hxxps[://]support[.]microsoft[.]com/en-us/office/classic-outlook-error-when-sending-from-outlook-com-you-do-not-have-permission-to-send-on-behalf-of-the-specified-user-0x80070005-0x0004dc-0x000524-49f5afe9-11ee-4ce1-9531-296670171509
- [BleepingComputer: Microsoft fixes Classic Outlook bug] hxxps[://]www[.]bleepingcomputer[.]com/news/microsoft/microsoft-fixes-classic-outlook-bug-causing-email-delivery-issues/