By Abinaya
Publication Date: 2025-12-10 11:22:00
Microsoft has patched a critical remote code execution (RCE) vulnerability in Outlook that could allow attackers to execute malicious code on vulnerable systems.
The flaw, tracked as CVE-2025-62562, was disclosed on December 9, 2025, and requires immediate attention from IT administrators and end users.
The vulnerability stems from a use-after-free weakness in Microsoft Office Outlook. According to Microsoft’s vulnerability classification, this flaw is rated Important (CVSS score: 7.8).
The attack vector is local, meaning an attacker must convince a user to interact with a malicious email to trigger the exploit.
Specifically, an attacker sends a crafted email that tricks the user into replying, thereby triggering the code-execution chain.
Microsoft Outlook Vulnerability
Unlike typical remote code execution vulnerabilities, this flaw requires local interaction on the victim’s machine.
The Preview Pane is not an attack vector for…