Full Report
Microsoft is investigating a known issue that causes the classic Outlook email client to crash upon launch, which can only be resolved via Exchange Online support. [...]
Analysis Summary
# Vulnerability: Classic Outlook Crash Upon Launch Requiring Exchange Online Support Intervention
## CVE Details
- Since the article describes an operational bug requiring vendor support rather than a specific security vulnerability, **no CVE ID is assigned or detailed.**
- CVSS Score: N/A
- CWE: N/A (Operational/Service Interruption Issue)
## Affected Systems
- Products: Classic Outlook for Windows (part of Microsoft 365 subscriptions)
- Versions: Not specified, impacts current users of classic Outlook.
- Configurations: Users leveraging Exchange accounts accessed via classic Outlook on Windows.
## Vulnerability Description
A known issue is causing the classic version of the Microsoft Outlook client application to crash upon launch for some Microsoft 365 customers. Affected users receive an error message indicating that Outlook cannot start and that the attempt to log onto the Microsoft Exchange account has failed. The root cause is suspected to be related to mailbox errors, specifically linked potentially to an "Authentication concurrency limit is reached" error (identified by LID: 49586 in Fiddler traces).
## Exploitation
- Status: Generally reported as an operational bug/service issue, **not a security exploit.**
- Complexity: N/A
- Attack Vector: N/A (Appears to be triggered client/service-side interaction failure)
## Impact
- Confidentiality: Potential for service interruption, though not explicitly stated as a data disclosure risk.
- Integrity: Service interruption leading to inability to access mail data via the client.
- Availability: **High** (Classic Outlook client crashes preventing launch and access).
## Remediation
### Patches
- **No immediate patch released or specified.** Microsoft is investigating and coordinating fixes via service changes.
### Workarounds
1. **Service Request:** Affected customers *must* open a support case from the Microsoft 365 Admin portal. Exchange Online support will then request a service change on the backend to mitigate the issue for the user.
2. **Temporary Client Switch:** Use the **new Outlook for Windows** or **Outlook Web Access (OWA)** to access mailboxes in the meantime.
3. **Generic Troubleshooting:** Microsoft lists standard Outlook startup troubleshooting steps (Safe Mode, new profile, data file repair, running `/resetnavpane`), though these may not resolve this specific backend-related issue.
## Detection
- **Indicators of Compromise (IoC):**
* Classic Outlook fails to launch.
* Error message regarding failed exchange logon or inability to open the folder set.
* Fiddler trace displaying the specific error: **"LID: 49586 - Authentication concurrency limit is reached."**
- **Detection methods and tools:** Reviewing client crash logs and network tracing tools like Fiddler for the specified LID error message.
## References
- Vendor advisory (Support Document): `support.microsoft.com/en-us/topic/error-when-opening-classic-outlook-cannot-start-microsoft-outlook-cannot-open-the-outlook-window-the-set-of-folders-cannot-be-opened-the-attempt-to-log-on-to-microsoft-exchange-has-failed-b5378005-7931-44df-b37a-b87a935fd3f8` (Defanged)
- Generic Troubleshooting Link: `support.microsoft.com/en-us/office/i-can-t-start-microsoft-outlook-or-receive-the-error-cannot-start-microsoft-outlook-cannot-open-the-outlook-window-d1f69da6-b333-4650-97bf-4d77bd7abb85` (Defanged)