CVE-2020-0696: 
vulnerability analysis and mitigation

A security feature bypass vulnerability (CVE-2020-0696) was discovered in Microsoft Outlook software when it improperly handles the parsing of URI formats. The vulnerability was disclosed on February 11, 2020, affecting multiple versions of Microsoft Outlook including Outlook 2010 SP2, 2013 SP1, 2016, Office 2019, and Office 365 ProPlus (NVD).

The vulnerability exists in Microsoft Outlook's handling of URI formats, specifically in how it processes and translates hyperlinks. The issue was particularly problematic in the interaction between Outlook for Mac and Outlook for Windows. When crafting emails in Outlook for Mac, malicious actors could create specially formatted URLs using file:/// protocol that would bypass security systems and appear as clickable links in Outlook for Windows. The vulnerability received a CVSS v3.1 Base Score of 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (NVD, Trustwave).

The vulnerability allowed attackers to bypass email security systems completely and deliver malicious links to victims. When clicked, these links would automatically translate from the file:/// protocol to http://, potentially directing users to malicious websites. This bypass could be leveraged in phishing campaigns to evade detection by email security products (Trustwave).

Microsoft released security updates in February 2020 to address the initial vulnerability. The patch implemented warning popups for links with URI schemes and stripped ':/'' characters when delivered to users. A subsequent update in summer 2021 addressed the secondary bypass method by ensuring URLs were properly processed through security features like SafeLinks (Trustwave).