Sending the malicious link or image was simple, but preparing the attack involved multiple steps that would be difficult to achieve for unsophisticated attackers.

“We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we have taken steps to keep our customers safe,” a Microsoft spokesperson told SecurityWeek.