A number of government-supported hacking groups exploit a recent patch vulnerability in Microsoft Exchange email servers.
The exploits were first detected by British cybersecurity company Volexity on Friday and confirmed to ZDNet today by a DOD source.
Volexity did not share the names of the hacking groups that exploit this Exchange vulnerability. Volexity did not return a comment request for additional details.
The DOD source described the hacking groups as “all great players”, who also denied naming groups or countries.
Microsoft Exchange vulnerability
These state-sponsored hacking groups exploit a vulnerability in the Microsoft Exchange email servers that Microsoft hacked last month, on the Patch Tuesday in February 2020.
The vulnerability is traced under the ID of CVE-2020-0688. The following is a summary of the technical details of the vulnerability:
- During installation, Microsoft Exchange servers do not create a unique cryptographic key for the Exchange Control Panel.
- This means that all Microsoft Exchange email servers launched over the past ten years use the same cryptographic keys (validationKey and decryptionKey) for control panel support.
- Attackers can submit malicious requests to the Exchange Control Panel that contain malicious serialized data.
- Since hackers know the encryption keys in the control panel, they can make sure that serialized data is not serialized, which generates malicious code that runs on the backend of the Exchange server.
- The malicious code is executed with system privileges, giving the attackers full control of the server.
Microsoft released patches for this error on February 11, when it also warned sysadmins to install solutions as soon as possible, foreseeing future attacks.
Nothing happened for almost two weeks. However, things got even closer to the end of the month when the Zero-Day Initiative, which reported the bug to Microsoft, released a technical report detailing the error and how it worked.
The report served as a roadmap for security researchers, who used the information contained in the design concept holdings to test their own servers and create detection rules and mitigation.
At least three of these proof-of-concept concepts found their way to GitHub (1, 2, 3). A Metasploit module was soon followed.
As in many other cases before, when the technical details and proof-of-concept code were made public, hackers also began to pay attention.
On February 26, a day after the Zero-Day Initiative was broadcast live, hackers began scanning the Internet for Exchange servers, collecting lists of vulnerable servers that they could target at a later date. The first such scans were detected by the intelligence company Bad Packets.
CVE-2020-0688 started mass scanning activity. Please refer to our API for “tags = CVE-2020-0688” to locate hosts performing scans. #threatintel
– Wrong Package Report (@bad_packets) February 25, 2020
Now, according to Volexity, Exchange server scans have become real attacks.
The first to address this error were APTs – “advanced persistent threats”, a term often used to describe state-sponsored pirate groups.
However, other groups are also expected to follow suit. Security researchers whom ZDNet spoke with earlier said they anticipate the bug to become very popular with ransomware bands that regularly run enterprise networks.
Harmonize older and useless phishing credentials
This Exchange vulnerability, however, is not easy to exploit. Security experts do not see this bug being abused by kiddies (a term used to describe low-level hackers).
To exploit CVE-2020-0688 Exchange Error, hackers need the credentials for an email account on the Exchange server, which script scripts usually do not have.
CVE-2020-0688 Security Default is an error called post-authentication. The hackers must first log in and then execute the malicious payload hijacked by the victim’s email server.
But while that limitation will keep the script kiddies out, APTs and ransomware bands do not apply, experts said.
APTs and ransomware bands often spend most of their time launching phishing campaigns, after they get email credentials for their employees.
If an organization applies 2-Factor Authentication (2FA) for email accounts, then those credentials are essentially useless, as 2FA can not be hacked by hackers.
Error CVE-2020-0688 allows APTs to finally find a purpose for those older 2FA-protected accounts that had spit months or years earlier.
They can use any of these older credentials as part of the CVE-2020-0688 operation without the need to bypass 2FA, but still take over the victim’s Exchange server.
Good point about this: Sometimes an APT will get some valid passwords for user accounts in a target organism, but will not be able to use them immediately because of 2FA. However, you can add the credits and patiently wait for new opportunities to emerge. https://t.co/HzY8CmSepM
– Brian at Pittsburgh (@arekfurt) March 7, 2020
Organizations with “APT” or “ransomware” in their threat array are encouraged to upgrade their Exchange email servers with the February 2020 security updates as soon as possible.
All Microsoft Exchange servers are considered vulnerable, even life-threatening (EoL) versions. For EoL versions, organizations should look for the upgrade to a newer Exchange version. If updating the Exchange server is not an option, companies are encouraged to reset a password for all Exchange accounts.
Grabbing email servers is the Holy Grail of APT attacks, as this allows nation-state groups to intercept and read a company’s email communications.
Historically, APTs have previously served with Exchange servers. Previous APTs that have hacked Exchange include Turla (a Russia-linked group) and APT33 (an Iranian group).
This post on the TrustedSec blog contains instructions on how to detect if an Exchange server has already been hacked by this error.
5. Create a New Outlook Profile
It is recommended that you follow point 4 above before moving on to create a new profile. Rename the folder that you can’t expand in Outlook. Right-click on the folder and select the Rename option to do so. Take a backup, if you must. If you have taken a backup on the server or in the cloud, delete the profile the below mentioned:
Of course, the Username above and the drive letter should be your corresponding user name and Windows installation drive. Reboot your computer.
Open Outlook and under the Files menu, click on Account Settings > Manage Profiles.
Click on Show Profiles.
Click on Add to begin creating a new profile.
You can now add email accounts to this newly created profile and check if you still get the Cannot expand folder error.
6. Repair PST and OST File
The Outlook email account data is stored in a .PST file if you are using IMAP or POP account. The same is stored in a .OST file if you are using Office 365 or Exchange account. Depending on the email account throwing the Cannot expand folder error in Outlook app, choose one method.
Repair OST File
Open Control Panel and go to User Account > Mail > Show Profiles. Select the profile you are having trouble with and click on Properties below. Now select Data Files in the pop-up that follows.
Select the email account data file and click on Open File Location.
A new window will open with a file name with .OST extension. Delete the file and reboot your computer. Launch Outlook and it will recreate the file automatically.
Repair PST File
The same steps won’t work for .PST file. Press Windows key+R to open the Run prompt. Enter the below file path in case of Office 2016, Office 2019, and Office 365.
C:Program Files (x86)Microsoft OfficerootOffice16
For Outlook 2013:
C:Program Files (x86)Microsoft OfficeOffice15
Double-click the SCANPST.EXE file, which will launch the Microsoft Outlook Inbox Repair experience. I wish there was a direct way of launching it.
Click on Browse on the pop-up that follows.
A new File Explorer window will open. You need to locate the .PST file here and when you find it, click on the Start button.
Select ‘Make a backup of scanned file before repairing’ option to create a backup in case something goes wrong.
Now click on Repair to begin the process.
There are way too many versions of Outlook that Microsoft has released over the years. That makes troubleshooting a bit more difficult. However, we try our best to offer the best workable solutions. If you have found another way to solve the Cannot open folder error in the Outlook app, let us know in the comments below.
Next up:Using Microsoft Outlook on your smartphone? Here are 9 cool Outlook tips and tricks for Android and iOS.
Last updated on 29 Feb, 2020
Read NextTop 9 Outlook Email Tips and Tricks for iOS and AndroidAlso See#email #Microsoft
Did You Know
The term spam pre-dates e-mail.
More in Windows
How to Get Apple Reminders on Windows
Top 9 Google Sheets Budget Templates for Finance Tracking
Join the newsletter
Get Guiding Tech articles delivered to your inbox.
Join the newsletter
Gaurav is a tech enthusiast who loves talking about new gadgets and innovations. He dropped out of CA because he found the work life boring and monotonous! He recently started working out but mostly, you will find him on the couch either Netflix-ing or gaming.
#Comparisons#Tips & Tricks
Facebook (Hindi)InstagramInstagram (Hindi)YouTubeYouTube (Hindi)TwitterTwitter (Hindi)
© 2020 Guiding Media Pvt Ltd. All Rights Reserved.
Email services with a bright design and many new features appear almost every day. However, none of them could replace Outlook or at least compete with it. You can only come to terms with this. The secret to the popularity of the service is that it is part of the Microsoft Office suite, intuitive and straightforward. Besides, only Outlook allows you to take full advantage of the many features of Microsoft Exchange Server.
Of course, Outlook is not only mail but also a diary, calendar, notes, and messages. Almost all human life is stored in one encrypted file. Therefore, it’s not very good if, when you try to enter the mail client, such a message pops up: 0x8004010F: Outlook data file cannot be accessed.
No panic! We will try to find out what happened to the mail. Most likely, it’s not too late to save it.
Spoiler: I’m not particularly eager to look in the answers, but if someone is in a hurry, the Recovery Toolbox for Outlook which is very useful in such situations, saved me.
Returning the Outlook File
The appearance of the 0x8004010F error means that the Outlook file that stores all the mail is damaged or lost. Gone with the spring wind? It doesn’t matter what happened. You can quickly recover lost mailings if you use a server with IMAP protocol support (Exchange Server, Office365, Gmail, Mail.ru, and the like).
How does it work? The server automatically saves a copy of the file stored on the hard disk; therefore, at any time, we can access the lost data. To do this, you need to abandon the local file that has stopped responding and create a new one using the unique Outlook tool.
Very similar to syncing local data with the cloud, right? Specialized knowledge for recovery is not needed, and the process itself consists of six easy steps-further details.
Recovering an Outlook Account from a Remote Server
- Start Outlook.
- Go to Account settings.
- Select the account you want to recover.
- Select the Change folder.
- Click the New Outlook Data File.
- Confirm the changes with OK.
If everything went well, you would get access to the lost mail. Exhale and go to check the mailing list. If not, then with a nasty sound this window will pop up:
This popup often happens. Try disabling any programs that could affect the recovery process and carry out the procedure from the very beginning. However, the chances of success tend to zero. Mail is not available on the remote server, which is possible, for example, if Outlook uses the POP3 protocol, and all mailings are stored in one local file.
No need to worry. Even after recovery using the server failed, options remain. First, check the Windows settings; there is a chance that they cause the failure. You may not have permission to access the local Outlook file, and this will lead to an error. To configure access rights, do the following:
1. Launch Windows Explorer.
2. Select the desired PST file. If its location is unknown, you can find the file using the same explorer, for this, enter in the window: “*.pst” (without quotes).
3. Right-click on the file.
4. Go to Properties.
5. Uncheck the box next to Read Only.
6. Click on the Security tab.
7. In the “Groups and Users” menu, you need to select the account under which you are logged in.
8. Make sure that all permissions (except for Special Permissions) are checked.
9. Confirm changes by clicking OK.
Permissions configured, but file still unavailable? So, let’s move on. Unfortunately, there are not many options left. The only thing that remains after you tried to restore mail from the server and set the correct system settings is to restore from a backup or other backup mail, PC. Or you can try to repair the damaged file using special programs and services.
Mail Recovery Using Microsoft Office Tools
Please take care of backup in advance-restore mail and forget about the error with the code 0x8004010F: Outlook data file cannot be accessed for a long time. If there is no backup, then you need to look for a unique tool. The good news: one of the most popular PST file recovery software is already on your computer.
We are talking about the Inbox Repair Tool, which comes with the office suite. The tool is easy to use and, importantly, completely free, you need to look for it here:
- Outlook 2019/2016: C:Program Files (x86)Microsoft OfficerootOffice16
- Outlook 2013: C:Program Files (x86)Microsoft OfficeOffice15
- Outlook 2010: C:Program Files (x86)Microsoft OfficeOffice14
Unfortunately, the free tool does not always work, but the Inbox Repair Tool does not take much time either. It makes sense first to try to solve the problem with its help. If it did not work out, we would look for other options, in any case, you need to return the email.
The online recovery and conversion services for Outlook databases give good chances, but you have to pay for the pleasure. There are a large number of such sites, ones of the most popular: https://outlook.recoverytoolbox.com/online/
The whole process takes five minutes to lose:
- Select a file on your hard drive
- Enter your email
- Enter the verification code correctly
- Pay for the service in one of the ways offered by the site
If everything is done correctly, and it could not be otherwise, you will receive a link to the corrected file. The cost of the service usually does not exceed ten dollars for one file up to 1 GB in size. The only question is security.
If you are not satisfied that someone unknown will get access to your personal data-bank card numbers, passwords from social networks, family photos-it is better to choose a method that is not related to sending mail to a remote server. For example, install a particular program.
Recovery Toolbox for Outlook
A convenient and inexpensive tool, you can download it from the link: https://outlook.recoverytoolbox.com/outlook-data-file-cannot-be-accessed.html The program does not require connection with third-party sites. Therefore there are no privacy problems when using Recovery Toolbox for Outlook. It’s easy with which to work. The developers made sure that you can proceed immediately after installation. Before you begin, it is recommended that you backup an important file.
In such a simple way, you not only protect yourself from surprises, but you can also check the system. If a Windows error pops up during the copy process, you must format or change the hard drive, and then reinstall the system. To not have a disaster again, in the future, do not forget to backup the operating system. The backup will save you nerves and improve digestion.
Bug the error 0x8004010F: Outlook data file cannot be accessed
Recovery Toolbox for Outlook performs well in recovering Outlook accounts after error 8004010F. What do we have to do:
1. Download and install the tool from the official website: https://outlook.recoverytoolbox.com/outlook-data-file-cannot-be-accessed.html
2. Run the installed program.
3. Find the file we need on disk.
4. Left-click on Recovery Mode.
5. Select the folder with the Outlook files.
6. Replace the damaged file with the corrected.
Note! In the latest versions of Outlook, you can replace the file either by manually moving it to the Outlook folder or by using the program method, which needs to be done like this:
1) Select the item File/Details
2) Click Account Settings
3) Select Data Files
4) Select a damaged file from the list
5) Click Open file location…
That’s all. Next, we need to delete the old file, otherwise sooner or later, errors will pop up.
Now it remains only to test the work of Outlook. If everything is done according to the instructions, error 0x8004010F: Outlook data file cannot be accessed will not bother you for a long time. Otherwise, reread the article and try to figure out what exactly was done wrong. I hope this little setback did not stop you halfway.
Remember that you can always contact Recovery Toolbox for Outlook support. Experienced specialists will help you. Of course, only if you use the licensed version of the program or pay for the work of the online service.
On this, I say goodbye to you and wish you good luck.
Microsoft has released today the February 2020 Patch Tuesday security updates. This month’s updates include fixes for a whopping 99 vulnerabilities, making this Microsoft’s biggest Patch Tuesday known to date.
The highlight of this month’s security train represents the fix for CVE-2020-0674, a zero-day vulnerability in Internet Explorer.
On January 17, Microsoft disclosed ongoing attacks where hackers were using this IE zero-day, however, at the time, the OS maker could not provide a patch. This patch is now included with this month’s cumulative security updates.
On top of this patch, there are 98 others, of which, 11 bugs have received a grading of “critical,” the highest available.
Most of the critical bugs are remote code execution and memory corruption bugs in services such as the IE scripting engine, the Remote Desktop Protocol service, LNK files, and the Media Foundation component.
Other than that, there’s nothing really out of the ordinary to highlight. This month, Microsoft’s patches are just bulkier than ever, but there’s no earth-shattering bug that needs to be addressed wtih haste, like in previous months.
Patch Tuesday updates are delivered in bulk, so accepting this month’s fixes will automatically install patches for all the 99 security flaws at once.
Additional useful Patch Tuesday information is below, including links to security fixes published by other companies:
- Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
- ZDNet also put together this page listing all security updates on one single page.
- Additional analysis of today’s Patch Tuesday is also available from Trend Micro.
- This month’s Adobe security updates are detailed here.
- SAP security updates are detailed here.
- Google Chrome security updates were released last week.
- Firefox security updates were released today.
- The Android Security Bulletin for February 2020 is detailed here. Patches started rolling out to users’ phones last week.
|Tag||CVE ID||CVE Title|
|Adobe Flash Player||ADV200003||February 2020 Adobe Flash Security Update|
|Internet Explorer||CVE-2020-0674||Scripting Engine Memory Corruption Vulnerability|
|Internet Explorer||CVE-2020-0673||Scripting Engine Memory Corruption Vulnerability|
|Microsoft Edge||CVE-2020-0663||Microsoft Edge Elevation of Privilege Vulnerability|
|Microsoft Edge||CVE-2020-0706||Microsoft Browser Information Disclosure Vulnerability|
|Microsoft Exchange Server||CVE-2020-0692||Microsoft Exchange Server Elevation of Privilege Vulnerability|
|Microsoft Exchange Server||CVE-2020-0688||Microsoft Exchange Memory Corruption Vulnerability|
|Microsoft Exchange Server||CVE-2020-0696||Microsoft Outlook Security Feature Bypass Vulnerability|
|Microsoft Graphics Component||CVE-2020-0744||Windows GDI Information Disclosure Vulnerability|
|Microsoft Graphics Component||CVE-2020-0745||Windows Graphics Component Elevation of Privilege Vulnerability|
|Microsoft Graphics Component||CVE-2020-0714||DirectX Information Disclosure Vulnerability|
|Microsoft Graphics Component||CVE-2020-0715||Windows Graphics Component Elevation of Privilege Vulnerability|
|Microsoft Graphics Component||CVE-2020-0746||Microsoft Graphics Components Information Disclosure Vulnerability|
|Microsoft Graphics Component||CVE-2020-0709||DirectX Elevation of Privilege Vulnerability|
|Microsoft Graphics Component||CVE-2020-0792||Windows Graphics Component Elevation of Privilege Vulnerability|
|Microsoft Malware Protection Engine||CVE-2020-0733||Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability|
|Microsoft Office||CVE-2020-0697||Microsoft Office Tampering Vulnerability|
|Microsoft Office||CVE-2020-0759||Microsoft Excel Remote Code Execution Vulnerability|
|Microsoft Office||CVE-2020-0695||Microsoft Office Online Server Spoofing Vulnerability|
|Microsoft Office SharePoint||CVE-2020-0694||Microsoft Office SharePoint XSS Vulnerability|
|Microsoft Office SharePoint||CVE-2020-0693||Microsoft Office SharePoint XSS Vulnerability|
|Microsoft Scripting Engine||CVE-2020-0713||Scripting Engine Memory Corruption Vulnerability|
|Microsoft Scripting Engine||CVE-2020-0711||Scripting Engine Memory Corruption Vulnerability|
|Microsoft Scripting Engine||CVE-2020-0710||Scripting Engine Memory Corruption Vulnerability|
|Microsoft Scripting Engine||CVE-2020-0712||Scripting Engine Memory Corruption Vulnerability|
|Microsoft Scripting Engine||CVE-2020-0767||Scripting Engine Memory Corruption Vulnerability|
|Microsoft Windows||CVE-2020-0741||Connected Devices Platform Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0742||Connected Devices Platform Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0740||Connected Devices Platform Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0658||Windows Common Log File System Driver Information Disclosure Vulnerability|
|Microsoft Windows||CVE-2020-0737||Windows Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0659||Windows Data Sharing Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0739||Windows Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0757||Windows SSH Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0732||DirectX Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0753||Windows Error Reporting Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0755||Windows Key Isolation Service Information Disclosure Vulnerability|
|Microsoft Windows||CVE-2020-0754||Windows Error Reporting Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0657||Windows Common Log File System Driver Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0667||Windows Search Indexer Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0743||Connected Devices Platform Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0666||Windows Search Indexer Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0748||Windows Key Isolation Service Information Disclosure Vulnerability|
|Microsoft Windows||CVE-2020-0747||Windows Data Sharing Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0668||Windows Kernel Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0704||Windows Wireless Network Manager Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0685||Windows COM Server Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0676||Windows Key Isolation Service Information Disclosure Vulnerability|
|Microsoft Windows||CVE-2020-0678||Windows Error Reporting Manager Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0703||Windows Backup Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0680||Windows Function Discovery Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0679||Windows Function Discovery Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0681||Remote Desktop Client Remote Code Execution Vulnerability|
|Microsoft Windows||CVE-2020-0677||Windows Key Isolation Service Information Disclosure Vulnerability|
|Microsoft Windows||CVE-2020-0682||Windows Function Discovery Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0756||Windows Key Isolation Service Information Disclosure Vulnerability|
|Microsoft Windows||CVE-2020-0670||Windows Kernel Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0675||Windows Key Isolation Service Information Disclosure Vulnerability|
|Microsoft Windows||CVE-2020-0669||Windows Kernel Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0727||Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0671||Windows Kernel Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0672||Windows Kernel Elevation of Privilege Vulnerability|
|Microsoft Windows||CVE-2020-0698||Windows Information Disclosure Vulnerability|
|Microsoft Windows||CVE-2020-0701||Windows Client License Service Elevation of Privilege Vulnerability|
|Microsoft Windows Search Component||CVE-2020-0735||Windows Search Indexer Elevation of Privilege Vulnerability|
|Remote Desktop Client||CVE-2020-0734||Remote Desktop Client Remote Code Execution Vulnerability|
|Secure Boot||CVE-2020-0689||Microsoft Secure Boot Security Feature Bypass Vulnerability|
|SQL Server||CVE-2020-0618||Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability|
|Windows Authentication Methods||CVE-2020-0665||Active Directory Elevation of Privilege Vulnerability|
|Windows COM||CVE-2020-0752||Windows Search Indexer Elevation of Privilege Vulnerability|
|Windows COM||CVE-2020-0749||Connected Devices Platform Service Elevation of Privilege Vulnerability|
|Windows COM||CVE-2020-0750||Connected Devices Platform Service Elevation of Privilege Vulnerability|
|Windows Hyper-V||CVE-2020-0751||Windows Hyper-V Denial of Service Vulnerability|
|Windows Hyper-V||CVE-2020-0662||Windows Remote Code Execution Vulnerability|
|Windows Hyper-V||CVE-2020-0661||Windows Hyper-V Denial of Service Vulnerability|
|Windows Installer||CVE-2020-0686||Windows Installer Elevation of Privilege Vulnerability|
|Windows Installer||CVE-2020-0683||Windows Installer Elevation of Privilege Vulnerability|
|Windows Installer||CVE-2020-0728||Windows Modules Installer Service Information Disclosure Vulnerability|
|Windows Kernel||CVE-2020-0722||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0721||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0719||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0720||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0723||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0731||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0726||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0724||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0725||Win32k Elevation of Privilege Vulnerability|
|Windows Kernel||CVE-2020-0717||Win32k Information Disclosure Vulnerability|
|Windows Kernel||CVE-2020-0736||Windows Kernel Information Disclosure Vulnerability|
|Windows Kernel||CVE-2020-0716||Win32k Information Disclosure Vulnerability|
|Windows Kernel-Mode Drivers||CVE-2020-0691||Win32k Elevation of Privilege Vulnerability|
|Windows Media||CVE-2020-0738||Media Foundation Memory Corruption Vulnerability|
|Windows NDIS||CVE-2020-0705||Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability|
|Windows RDP||CVE-2020-0660||Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability|
|Windows Shell||CVE-2020-0702||Surface Hub Security Feature Bypass Vulnerability|
|Windows Shell||CVE-2020-0655||Remote Desktop Services Remote Code Execution Vulnerability|
|Windows Shell||CVE-2020-0730||Windows User Profile Service Elevation of Privilege Vulnerability|
|Windows Shell||CVE-2020-0729||LNK Remote Code Execution Vulnerability|
|Windows Shell||CVE-2020-0707||Windows IME Elevation of Privilege Vulnerability|
|Windows Update Stack||CVE-2020-0708||Windows Imaging Library Remote Code Execution Vulnerability|
- FBI is investigating more than 1,000 cases of Chinese theft of US technology
- Windows 7 bug prevents users from shutting down or rebooting computers
- Lock My PC takes on tech scammers with free recovery key offering, software withdrawal
- Scam, spam and phishing texts: How to spot SMS fraud and stay safe
- Cybersecurity: A guide for parents to keep kids safe online
- The security risks of running unsupported Windows 7 (ZDNet YouTube)
- Best home security of 2020: Professional monitoring and DIY (CNET)
- How to set up secure credential storage for Docker (TechRepublic)
There are many possibilities. For example, if your mailbox does not use a remote server, then it is stored locally using the POP3 protocol. All copies are removed from the server immediately after the data reception. We now need a new plan. Fortunately, we do have one. we will not abandon you.
To begin, let’s check. It is too early to panic. The issue relates to some incorrect Windows parameters. For example, it could be the access rights to Outlook files? We need to do the following:
- Choose the file in the Windows Explorer. If you do not know where it is stored, search in the Explorer, look for a file of .PST format
- Right-click on the detected file.
- Choose Properties.
- Do you see the Read Only checkbox? If yes, remove it.
- Go to the Security tab
- Select a user, logged in to the system, and check their permissions: need to allow all operations with the file.
- Click ОК, to confirm the changes.
The permissions seem to be correct, but the issue is not resolved? The pickings are slim here, regardless of a significant number of Google links that are related to the problem: 0x8004010F: Outlook data file cannot be accessed.
It is either an email backup or third-party services of data recovery, nothing more. Do you have a backup? Great! No need to read the rest of this text, restore, no other issues. If you do not have a backup, there is no need to panic. Not all is lost.
Outlook Data Recovery
Outlook has its own data recovery solution. It is named Inbox Repair Tool. The software is not complicated. Nothing matters more than it is free. It is already installed on your PC and can be found in the folders of Microsoft Office:
- Outlook 2019: C:Program Files (x86)Microsoft OfficerootOffice16
- Outlook 2016: C:Program Files (x86)Microsoft OfficerootOffice16
- Outlook 2013: C:Program Files (x86)Microsoft OfficeOffice15
- Outlook 2010: C:Program Files (x86)Microsoft OfficeOffice14
- Outlook 2007: C:Program Files (x86)Microsoft OfficeOffice12
Try to resolve the issue using Inbox Repair Tool. In most cases, it is enough to fix the issue, saving you time and money. Unfortunately, it does not always help. If this is the case, read more. There is no way out; we cannot survive without email and therefore need to solve the issue at all costs.
For real, there are several data recovery services; for example, this one: https://outlook.recoverytoolbox.com/online/#/. On the webpage, you need to provide the correct path to a damaged file of PST or OST format on the local HDD. After this, do the following:
- Provide your email address
- Enter CAPTCHA
- Finally, pay for a session of data recovery
If you did it correctly (you probably did, it is not that complicated), download a recovered file during the last stage.
Now there is the matter of price and confidentiality. You can upload a damaged file on the remote server and ask for it to be fixed. It is inexpensive — it costs $10 for a file not larger than 1 Gb.
However, it could be dangerous. It is not usually likely that your personal correspondence would interest someone. But who knows? Think, do you have bank emails, credentials for your own space, photos of credit cards in your mailbox?
If you are not sure — do not do it. It is not necessary to upload your email to a remote server. There are other options.
For Example, the Following Tool:Recovery Toolbox for Outlook (https://outlook.recoverytoolbox.com)
First of all, noted the safety of the application. We could not find anyone claiming the theft of personal information by this service. Recovery Toolbox for Outlook is a small program installed on the computer.
It does not establish connections to any external sites. Typically, it is more accessible than you may think. Developers understand that users read instructions after the damage is done. So, there is nothing to harm here, open it, and launch.
Before you launch the Recovery Toolbox, it makes sense to copy a PST file from Microsoft Outlook to another disk as a backup. Yes, when analyzing data, Recovery Toolbox for Outlook does not change the input file.
However, by making a copy of the PST file, we kill two birds with one stone. Firstly, a spare copy of a business-critical Outlook file will not be necessary. Secondly, we check the integrity of the HDD.
Wasn’t that easy? If an attempt of PST file copying causes a Windows error, please accept my sincere condolences. The issue is worse than expected. We need to recover the whole system, which is an entirely different story.
By the way, for the future, remember it is much easier to prevent an issue than to fix its consequences. The most important thing is to do a regular backup of all data, which helps to save your money and mental health.
How to fix the issue: 0x8004010F: Outlook data file cannot be accessed
To correct the following issue 8004010F when using POP3/SMTP accounts in Microsoft Outlook, do the following:
- Download, install and start Recovery Toolbox for Outlook from the site: https://outlook.recoverytoolbox.com/
- Choose a damaged .PST file in the first window
- Choose RecoveryMode
- Choose a folder to save a recovered file
- Replace the damaged PST file by a recovered one
Yes, in the very end, you should replace the corrupted file to a recovered one or merely add the recovered file to the list of data files in Outlook. For the following versions of Outlook: 2019, 2016, 2013, it is done as follows:
- Choose the menu item “File | Info.”
- Click the button “Account settings.”
- Choose “Account settings” in the popup menu.
- Choose the “Data Files”
- Choose a data file from the list below.
- Click the following button “Open File Location.”
In this case, do not forget to remove the old damaged file to avoid new issues in the future.
Lastly, you can finally open Microsoft Outlook and keep on working with the email. If there are no issues with email sending and receiving, then you have done everything correctly. There only remains for me to be happy with you. Alternatively, try to reread the article and understand what went wrong.
Google suggests a variety of solutions regarding this issue: 0x8004010F: Outlook data file cannot be accessed. But, if you have got confused, contact the support department email@example.com and describe, what’s up. Sure, it makes sense only if you have paid for the recovery or purchased Recovery Toolbox for Outlook.
Good luck to everyone. We hope you will never encounter viruses and bad HDD sectors.
Filed in Computers. Read more about Email, Outlook and Sponsored.
Related Articles on Ubergizmo
Why WinX DVD Ripper Platinum Is The Ideal Tool to Backup/Digitize DVDs
Batch Convert MKV to MP4 4K Big Files with VideoProc/FFmpeg
How to Quit Your Job and Keep Your Business Correspondence and Contacts
Microsoft Is Testing Gmail Integration With Outlook
Recover Outlook Password: Getting Access Without Hacking
Dark Mode For Microsoft Outlook Reportedly In Development
Hackers Were Able To Access Some Outlook.com Accounts For Months
Boston Dynamics’ Robot Dog Is Being Used By Law Enforcement
Doctors Place Humans In Suspended Animation For The First Time
The Startup ‘Heliogen’ Backed By Bill Gates Announces A Breakthrough
These Fake AirPods Stickers Are A Mean But Hilarious Prank
FedEx Delivery Driver Caught Tossing A $1,500 Camera Lens Onto The Ground
iPhone 11 Pro VS $20,000 Leica, Can You Tell The Difference?
Facebook For iOS Secretly Uses The iPhone’s Camera While You’re Using The…
CastAway Phone Case Adds A Second Screen To Smartphones
- The November Windows patch is out, and it comes with a large number of critical fixes.
- All users are urged to update immediately, as the patch covers a wide range of software tools and products.
- Some known minor issues accompany this update as always, but there are workarounds.
Microsoft has just released a pretty comprehensive patch for Windows 10, bringing 74 fixes, 13 of which address critical remote code execution (RCE) flaws. The software that is covered this time ranges from the OS core and the Edge browser to the Azure Stack, the Visual Studio, and the Exchange Server. All Windows 10 users will see the update on their settings menu, and everyone is advised to apply the patches as soon as possible, as they will help you stay safe and secure against a wide variety of threats.
More specifically, here are the most critical flaws that were fixed this time:
- Hyper-V arbitrary code execution and failure to validate input from guest OSes (CVE-2019-0721, CVE-2019-1389, CVE-2019-1397, and CVE-2019-1398)
- Microsoft Exchange RCE flaw (CVE-2019-1373)
- SharePoint server information disclosure flaw (CVE-2019-1443)
- Windows TCP/IP improper IPv6 packet handling (CVE-2019-1324)
- Windows Graphics Device Interface information disclosure flaw (CVE-2019-1439)
- Windows Graphics Component privilege elevation vulnerabilities (CVE-2019-1407 and CVE-2019-1433)
- Microsoft Office for Mac inability to disable macros properly (CVE-2019-1457)
- VBScript remote code execution vulnerability (CVE-2019-1390)
- Microsoft Scripting Engine memory corruption flaws (CVE-2019-1426, CVE-2019-1427, CVE-2019-1428, and CVE-2019-1429)
The rest of the patches concern “important” level flaws, so they are also crucial in several use-case scenarios. For example, CVE-2019-1020 is a bypass vulnerability in the Windows secure boot process, allowing an attacker to load malicious software via a third-party bootloader. With the latest patch, this threat has been blocked.
Remember, if you’re using a security solution, it will get updated with new rules to cover the disclosed vulnerabilities. However, applying the OS updates should be an absolute priority in order to defend from any form of known exploitation methods. Moreover, Microsoft delivers Windows updates in a cumulative form, so you will also get other optimizations and improvements bundled with the security fixes.
Applying this update may cause a number of side-effects which Microsoft describes in their “known issues” section. For example, the Exchange Server may greet you with a “File failed to upload” error when trying to save files on a network location, and the exchange services may remain in a disabled state. OOBE (Out of Box Experience) may also be associated with problems creating a local user through IME (Input Method Editor). Finally, renaming files and folders on a CSV (Cluster Shared Volume) may fail with the following error: “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. For most of these, there are workarounds provided by Microsoft.