Serious security vulnerability in Outlook / blocking port 445 and 139 in the firewall outbound
We recommend not using Outlook in the home office (even in VPN) until we issue a warning. This does not apply to the campus.
Outlook Web Access (OWA) outlook.tu-dortmund.de can still be used in the home office without hesitation. Mobile mail clients on smartphones or other desktop clients such as Thunderbird or Apple Mail are also not affected. Outlook can still be used on campus without hesitation, as our firewall protects you.
The serious Outlook vulnerability CVE-2023-23397 has not yet been fully closed on patchday 3/14/2023. This vulnerability can be exploited without your intervention. An attack on the vulnerability allows the NTLM hash of the victim to be forwarded to an external server via port 445. Therefore, upgoing traffic via ports 445 and 139 has now been blocked by the central firewall of the TU.
Info about this: