A critical remote code execution (RCE) vulnerability in Outlook has been patched by Microsoft, potentially allowing attackers to run malicious code on vulnerable systems. The vulnerability, tracked under CVE-2025-62562, stems from a use-after-free vulnerability in Microsoft Office Outlook and has a CVSS severity of 7.8. The exploit is triggered locally, requiring the attacker to trick a user into interacting with a malicious email. Once this is done, the attacker convinces the user to respond to a spoofed email, triggering the code execution chain . A vulnerability that requires user interaction According to Microsoft , it is critical that organizations prioritize installing available