A Huntress Labs Security Case Study :
Huntress has been hunting malicious actors across 50,000+ user accounts for 1,500+ small businesses enrolled in their Managed Detection and Response (MDR) for Microsoft 365 product.
This is a repost from Huntress Lab’s Security Blog, where they outline three recent cases, and how MDR was able to protect their partner’s accounts. Euclid Networks will begin offering MDR / Microsoft 365 tenant protection in the near future – Contact us today to learn more!
We’ve seen on over a dozen machines today, Microsoft Outlook (Office 365 continual update version) crashes, with 0xc0000005 errors logged in the event log.
The full text of this error is below.
Faulting application name: OUTLOOK.EXE, version: 16.0.13001.20266, time stamp: 0x5ef262ee
Faulting module name: mso98win32client.dll, version: 0.0.0.0, time stamp: 0x5ef2aa2d
Exception code: 0xc0000005
Fault offset: 0x000474b2
Faulting process id: 0x4cf0
Faulting application start time: 0x01d65ac9b0e13874
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso98win32client.dll
Report Id: 908e152f-636f-4f5a-9717-48a5576b3ccd
Faulting package full name:
Faulting package-relative application ID: Microsoft had acknowledged this crash and documented a resulting fix on Twitter, and on the Office 365 Support portal :
Title: Users experiencing Outlook connection issues and crashes
User Impact: Users may experience crashes or may be unable to access Exchange Online via Outlook.
More info: Our analysis indicates that Outlook on the web and mobile clients are unaffected. Users may be able to leverage those protocols as an alternative means to access email and service features while we remediate this problem.
Current status: Our initial review of the available data indicates that recently deployed updates are the likely source of the problem. We're performing an analysis of all recent service updates to isolate the underlying cause of the problem and to determine the most expedient means to restore service.
Scope of impact: This issue may potentially affect any of your users attempting to use Outlook.
The immediate fix for this is to roll back Microsoft Office versions, which can be done by opening a command line as Administrator and typing : cd "\Program Files\Common Files\microsoft shared\ClickToRun"
officec2rclient.exe /update user updatetoversion=16.0.12527.20880
After rolling back versions, Outlook should open and function as normal!
If you’re in need of a proactive, IT Support company in the Atlanta area, don’t hesitate to contact us today!
