CVE-2022-35742

7.5 HIGH

📋 TL;DR

CVE-2022-35742 is a denial-of-service vulnerability in Microsoft Outlook that allows attackers to crash the application by sending specially crafted emails. This affects users running vulnerable versions of Microsoft Outlook on Windows systems. The vulnerability requires user interaction to open or preview malicious emails.

💻 Affected Systems

Products:
  • Microsoft Outlook
Versions: Microsoft Outlook 2013, 2016, 2019, 2021, and Microsoft 365 Apps for Enterprise prior to August 2022 updates
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Outlook desktop application only, not Outlook Web Access or mobile clients. Requires user to open or preview malicious email.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete Outlook application crash requiring restart, potential loss of unsaved work, and disruption to email communication workflows.

🟠 Likely Case

Temporary Outlook application crash affecting individual users who open malicious emails, requiring application restart.

🟢 If Mitigated

Minimal impact with proper email filtering and user awareness training preventing malicious emails from reaching users.

🌐 Internet-Facing: MEDIUM - Attackers can send malicious emails from external sources, but requires user interaction to trigger.
🏢 Internal Only: LOW - Internal exploitation would require malicious actors within the organization sending targeted emails.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open malicious email. No authentication bypass needed beyond standard email delivery.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2022 security updates for Microsoft Office/Outlook

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35742

Restart Required: Yes

Instructions:

1. Open Microsoft Outlook.
2. Go to File > Office Account > Update Options > Update Now.
3. Alternatively, use Windows Update to install the latest Office security updates.
4. Restart Outlook after update installation.

🔧 Temporary Workarounds

Disable email preview pane (platform: windows)

Prevents automatic triggering when viewing the email list by disabling preview functionality.

In Outlook: View > Message Preview > Off

Use Outlook Web Access (platform: all)

Switch to web-based Outlook, which is not affected by this vulnerability.

🧯 If You Can't Patch

  • Implement email filtering to block suspicious emails with unusual attachments or content
  • Provide user awareness training about not opening emails from unknown senders

🔍 How to Verify

Check if Vulnerable:

Check Outlook version: File > Office Account > About Outlook. If version is prior to August 2022 updates, system is vulnerable.

Check Version:

In Outlook: File > Office Account > About Outlook

Verify Fix Applied:

Verify Outlook version shows August 2022 or later updates installed and attempt to reproduce with test email (not recommended in production).

📡 Detection & Monitoring

Log Indicators:

  • Outlook application crash logs in Windows Event Viewer
  • Multiple Outlook restarts from same user in short timeframe

Network Indicators:

  • Incoming emails with unusual MIME types or large nested attachments

SIEM Query:

EventID=1000 AND Source='Application Error' AND 'Faulting application name' contains 'OUTLOOK.EXE' AND 'faulting module' contains relevant DLL names
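Added example (not from the advisory or from Microsoft): Python detection logic for the log indicators above, run over a constructed export of Application Error (Event ID 1000) records. The key=value export format, host and user names, timestamps and faulting module names are assumptions; it flags Outlook crashes and surfaces users with repeated crashes inside a sliding window.

```python
"""Detection for the indicators above: Event ID 1000 records where OUTLOOK.EXE is the
faulting application, grouped per (host, user) to surface repeated crashes."""
import re
from datetime import datetime, timedelta

# Constructed sample export (one key=value record per line), not real logs;
# faulting module names are placeholders, not indicators from the advisory.
SAMPLE_EVENTS = """\
2022-08-15T09:12:03 host=WS01 user=alice EventID=1000 Source="Application Error" msg="Faulting application name: OUTLOOK.EXE, Faulting module name: placeholder_a.dll"
2022-08-15T09:20:41 host=WS01 user=alice EventID=1000 Source="Application Error" msg="Faulting application name: OUTLOOK.EXE, Faulting module name: placeholder_a.dll"
2022-08-15T09:33:10 host=WS01 user=alice EventID=1000 Source="Application Error" msg="Faulting application name: OUTLOOK.EXE, Faulting module name: placeholder_b.dll"
2022-08-15T10:02:55 host=WS02 user=bob EventID=1000 Source="Application Error" msg="Faulting application name: EXCEL.EXE, Faulting module name: placeholder_c.dll"
2022-08-15T14:45:00 host=WS03 user=carol EventID=1000 Source="Application Error" msg="Faulting application name: OUTLOOK.EXE, Faulting module name: placeholder_a.dll"
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
                     r'EventID=(?P<eid>\d+) Source="(?P<source>[^"]+)" msg="(?P<msg>[^"]*)"$')
FIELD_RE = re.compile(r"Faulting (?P<key>application|module) name: (?P<val>[^,]+)", re.I)

def parse_events(text):
    """Parse export lines into dicts, extracting faulting application and module."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected export format
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["eid"] = int(rec["eid"])
        fields = {k.lower(): v.strip() for k, v in FIELD_RE.findall(rec["msg"])}
        rec["app"], rec["module"] = fields.get("application"), fields.get("module")
        events.append(rec)
    return events

def outlook_crashes(events):
    """Event ID 1000 from the 'Application Error' provider with Outlook as faulting app."""
    return [e for e in events if e["eid"] == 1000 and e["source"] == "Application Error"
            and (e["app"] or "").upper() == "OUTLOOK.EXE"]

def crash_bursts(events, window_minutes=30, threshold=2):
    """Per (host, user): most Outlook crashes inside any sliding window; report >= threshold
    as (host, user, count, faulting modules seen)."""
    window, by_key = timedelta(minutes=window_minutes), {}
    for e in outlook_crashes(events):
        by_key.setdefault((e["host"], e["user"]), []).append(e)
    hits = []
    for (host, user), crashes in by_key.items():
        best = max(sum(1 for c in crashes if timedelta(0) <= c["ts"] - s["ts"] <= window)
                   for s in crashes)
        if best >= threshold:
            hits.append((host, user, best, sorted({e["module"] for e in crashes if e["module"]})))
    return sorted(hits)
```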
