Critical Microsoft Outlook security vulnerability

On Tuesday, March 14, Microsoft reported a critical vulnerability affecting Outlook on Windows. This vulnerability may allow hackers to remotely steal passwords by simply receiving an email. This issue is not specific to HMS or Harvard but affects all Outlook users of Windows systems. It does not affect Outlook on MACs. 

To protect against this vulnerability, HMS IT is pushing out an update to Microsoft Office. However, if your machine is not managed by HMS IT, you will need to ensure the update is applied. Please see the instructions below for both scenarios.  

What do I need to do?  

If your computer is managed by HMS IT:  

 Windows users will be prompted via an alert on their computer to either update and/or reboot their computer and should do so immediately.

To confirm if your computer is managed by HMS IT, follow the instructions to check if systems management software is installed on your HMS computer.

If your computer is not managed by HMS IT

For most versions of Microsoft Outlook on windows: 

  1. Open Microsoft Outlook and click "File." 
  2.  In the navigation pane, click "Office Account." 
  3. Select "Update Options." 
  4. Click "Enable updates." and/or "Update Now." 
  5. Ensure all windows updates are installed by manually applying updates to your computer.  
  6. Reboot computer 
Where can I get help?

If you have questions or concerns and are affiliated with HMS, contact HMS IT at 617-432-2000 or; if you are affiliated with HSDM, contact; if you are affiliated with Wyss, contact