The Winmail.dat vulnerability is a historical security issue in the Microsoft Outlook mail client that allowed attackers to identify the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. This was a significant risk, as it could be used for phishing attacks or other malicious activities.
You're affected if you use Microsoft Outlook versions prior to 2000-0753. However, this vulnerability is considered historical and has been patched in newer versions of Outlook. Check with: file /usr/bin/outlook (on Linux) or dir %windir%\System32\outlook.exe (on Windows). Note that this vulnerability is not relevant to modern email clients.
Upgrade to a supported version of Microsoft Outlook, such as Outlook 2016 or later.
- For immediate mitigations:
- Disable the use of winmail.dat attachments in your email client settings.
- Use alternative methods for sending RTF files, such as using a web-based email client.