Full Report
Microsoft has fixed a known issue that will cause the classic Outlook email client to crash when opening emails or starting a new message. [...]
Analysis Summary
As the provided text describes multiple, distinct fixes released by Microsoft across various Outlook versions and scenarios, this summary will address the primary vulnerability mentioned in the headline and structure the information based on the available details for each reported fix. Note that the initial article snippet does not provide specific CVEs, severity scores, or technical vulnerability details for the described issues; it only mentions fixes for stability/crash problems.
# Vulnerability: Multiple Microsoft Outlook Stability and Crash Issues Addressed
## CVE Details
- CVE ID: Not specified in the provided context. (These appear to be stability fixes rather than publicly tracked CVEs for security flaws.)
- CVSS Score: Not specified.
- CWE: Not specified.
## Affected Systems
The context describes fixes for several distinct issues:
1. **Outlook Version 2505 (Build 18827.20128) in Current and Beta channels:**
* **Products:** Microsoft Outlook (Current/Beta Channels)
* **Versions:** Version 2505 (Build 18827.20128)
* **Configurations:** Users moving items to shared mailbox folders.
2. **Outlook LTSC 2019:**
* **Products:** Microsoft Outlook LTSC 2019
* **Versions:** Implied the version prior to the service update.
* **Configurations:** Opening emails originating from potentially problematic sources (Viva Engage, Yammer, Power Automate).
3. **Classic Outlook and Microsoft 365 apps on Windows Server:**
* **Products:** Classic Outlook, Microsoft 365 Apps
* **Versions:** Not specified.
* **Configurations:** Running on Windows Server systems.
4. **Classic Outlook (Writing/Replying/Forwarding):**
* **Products:** Classic Outlook
* **Versions:** Not specified.
* **Configurations:** Involved in writing, replying to, or forwarding emails.
## Vulnerability Description
The context details several stability issues causing crashes or UI disruption rather than specific exploits:
1. An issue where shared mailbox folders flicker and move when users attempt to move items into them.
2. Crashes in Outlook LTSC 2019 when opening specific types of internal emails (Viva Engage, Yammer, Power Automate).
3. Crashes affecting Classic Outlook and M365 apps when running on Windows Server operating systems.
4. Crashes impacting Classic Outlook when composing, replying to, or forwarding emails.
## Exploitation
- Status: These events appear to be stability/bug fixes, not security vulnerabilities confirmed to be exploited. Exploitation status is **Unknown/Not applicable** for these specific stability issues.
- Complexity: Not applicable, as this relates to application stability.
- Attack Vector: Not applicable.
## Impact
Given these are stability issues:
- Confidentiality: Minimal (unless the crash prevents access to secure data).
- Integrity: Minor (data loss possible during crash, but not data corruption via exploitation).
- Availability: Moderate (Intermittent or persistent crashes reduce application availability).
## Remediation
### Patches
* **Outlook (Current/Beta - Shared Mailbox Flicker):** Fixed in Outlook **version 2505 (Build 18827.20128)** (Note: The context implies the fix resolves the version 2505 issue, making the current fixed version slightly newer than the mentioned build, or the build itself is the target).
* **Outlook LTSC 2019:** Addressed via a **service update**.
* **Classic Outlook/M365 on Server & Classic Outlook (Writing):** Addressed via specific **fixes/updates** pushed by Microsoft. (Specific version numbers for these patches are not provided in the text).
### Workarounds
* **Outlook (Shared Mailbox Flicker - pending update):** Revert to **version 2504** OR toggle off caching of the shared mailbox by **disabling Download Shared Folders**.
## Detection
No specific Indicators of Compromise (IOCs) or detailed detection methods were provided, as the issues relate to application crashes rather than malicious code execution. Detection relies on monitoring application event logs for Outlook crashes corresponding to the reported scenarios.
## References
- Microsoft Outlook Shared Mailbox Bug: support.microsoft.com/en-us/office/shared-mailbox-folders-flicker-and-move-around-when-trying-to-move-items-to-the-folders-2fa078b0-7d31-4536-a6e2-25a8f19a53ff
- Outlook LTSC 2019 Crash Fix: support.microsoft.com/en-us/office/outlook-ltsc-2019-crashes-opening-viva-engage-yammer-power-automate-and-other-emails-ca49b0b3-8d42-4864-80df-df06069cc172
- Microsoft 365 Apps/Outlook on Server Crash Fix: bleepingcomputer.com/news/microsoft/microsoft-fixes-office-365-apps-crashing-on-windows-server-systems/
- Classic Outlook Writing Crash Temp Fix: bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-outlook-crashing-when-writing-emails/