Hi everyone 🙂

There’s a critical security flaw making waves right now, and it’s something you need to take seriously—especially if you use Microsoft Outlook on Windows. A newly discovered vulnerability, CVE-2025-21298, allows attackers to execute malicious code on your system without you clicking a thing.

That’s right—just previewing a malicious email containing an RTF file in Outlook can trigger this attack. You don’t even need to open an attachment.

Why This Matters

  • Zero-Click Exploit: No need to click links or download files—simply previewing a malicious email is enough to compromise the system.
  • Targets Windows Systems: Affects Windows 10, Windows 11, and various Windows Server versions.
  • Can Be Used for Malware & Data Theft: Attackers can install spyware, steal data, and even escalate privileges to take over systems.

How to Protect Yourself

  1. Install Microsoft’s January 2025 Security Update—This patch fixes the vulnerability. Go to Settings → Update & Security → Windows Update and make sure your system is up to date.
  2. Disable RTF Previews in Outlook—If you can’t patch immediately, prevent the attack by forcing emails to display in plain text:
    • Open Outlook → File → Options → Trust Center → Trust Center Settings → Email Security
    • Check “Read all standard mail in plain text.”
  3. Avoid Opening Suspicious Emails—If you don’t know the sender, don’t open the email, especially if it contains an RTF attachment; keep in mind that with this flaw, merely previewing the message is enough, so don’t select it in the reading pane either.
  4. Enable Advanced Threat Protection—Use security tools like Windows Defender, Proofpoint, or Mimecast to filter out malicious emails.
  5. Segment Your Network—If this malware executes, it could spread across your company network. Proper network segmentation can prevent widespread damage.
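The two host-side steps above (confirm the update is installed, and force plain-text reading until it is) can be checked from an elevated or normal PowerShell prompt. The script below is an added example written for this post, not code from the original author or from Microsoft. It assumes the Office 16.0 registry layout (Outlook 2016 and later, including Microsoft 365), that the "Read all standard mail in plain text" checkbox maps to the `ReadAsPlain` DWORD under `Options\Mail` (with an equivalent policy key under `Software\Policies`), and it uses a placeholder KB id that you must replace with the January 2025 update for your Windows build.

```powershell
# Added example (not part of the original post): audit, and optionally apply,
# the interim Outlook mitigation for CVE-2025-21298 and check for the patch.
# ASSUMPTIONS: Office 16.0 registry paths; 'ReadAsPlain' is the value behind
# "Read all standard mail in plain text"; the KB id below is a PLACEHOLDER.
[CmdletBinding()]
param(
    # Without -Apply the script only reports; with it, plain-text reading is forced.
    [switch]$Apply,
    # PLACEHOLDER: replace with the KB id of the January 2025 update for your build.
    [string]$RequiredKB = 'KB<placeholder>'
)

$mailKey   = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail'
$policyKey = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail'  # assumed policy path

function Get-ReadAsPlainState {
    # $true when either the user preference or a policy forces plain-text reading.
    foreach ($key in @($policyKey, $mailKey)) {
        $item = Get-ItemProperty -Path $key -Name ReadAsPlain -ErrorAction SilentlyContinue
        if ($item -and $item.ReadAsPlain -eq 1) { return $true }
    }
    return $false
}

function Set-ReadAsPlain {
    # Registry equivalent of ticking the Trust Center checkbox shown in step 2.
    if (-not (Test-Path $mailKey)) { New-Item -Path $mailKey -Force | Out-Null }
    New-ItemProperty -Path $mailKey -Name ReadAsPlain -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-UpdateInstalled {
    param([string]$KB)
    # Get-HotFix enumerates installed Windows updates by KB id; absent -> $false.
    return [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)
}

$plain   = Get-ReadAsPlainState
$patched = Test-UpdateInstalled -KB $RequiredKB

"OS build:             $([Environment]::OSVersion.Version)"
"Plain-text reading:   $(if ($plain)   { 'ON' }        else { 'OFF' })"
"Update ${RequiredKB}: $(if ($patched) { 'installed' } else { 'NOT found' })"

if (-not $patched -and -not $plain) {
    Write-Warning 'Unpatched and still rendering rich content in the reading pane.'
    if ($Apply) {
        Set-ReadAsPlain
        'Applied ReadAsPlain=1; restart Outlook for the change to take effect.'
    } else {
        'Re-run with -Apply to force plain-text reading until the update is installed.'
    }
}
```

Run it once without switches to get a status line for the update and the reading-pane setting; add `-Apply` on machines that cannot be patched yet. The plain-text setting is a stopgap for the preview path only, so the script still nags until the update itself is present.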

This isn’t just another security patch—it’s a critical fix that needs to be installed immediately. If you delay, your system is wide open to attack. Don’t wait—update your system now and follow the steps above to keep your data safe.

Stay sharp, stay secure.
Max Roberts