Microsoft Outlook vulnerability (CVE-2018-0950) could allow attackers to steal Windows login credentials. The vulnerability resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections. Microsoft released an incomplete fix in its April 2018 patch Tuesday, almost 18 months after receiving the responsible disclosure report. The fix does not prevent all SMB attacks, but users are advised to follow the steps to mitigate this vulnerability.
Source: https://thehackernews.com/2018/04/outlook-smb-vulnerability.html