[German]Microsoft has confirmed in a support article that there is a bug in Outlook 365 that can cause crashes when starting up. If I understand correctly, intervention by Microsoft Exchange Online Support is required to fix this bug. And there appears to be a zero-day vulnerability in Outlook Classic that can be exploited via emails.
Bleeping Computer Bleeping Computer addressed the issue recently in the following tweet and this article. Microsoft has already disclosed the bug in its support article Error when opening classic Outlook: "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed." dated September 26, 2025.
According to this, Microsoft is currently investigating a known issue that causes the classic Outlook email client (in Outlook 365) to crash on startup—apparently when the client accesses Exchange Online—and can only be resolved via Exchange Online support. Affected users receive the following error message when starting Outlook Classic on Windows:
"Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed."
Various causes and simple workaround
This error message can occur for various reasons, Microsoft writes in its support article. To check whether there is a specific problem, those affected should record a trace using the Fiddler tool. If the problem with Outlook crashing has occurred, search for this error in the trace:
Microsoft.Exchange.RpcClientAccess.ServerTooBusyException: Client is being backed off---> Microsoft.Exchange.RpcClientAccess.ClientBackoffException: ErrorCode: ClientBackoff, LID: 49586 - Authentication concurrency limit is reached. -- End of inner exception stack trace ---
If you are affected by this error and find the above LID in the trace, your only option at present is to open a support case via the Microsoft 365 admin portal. According to the support article, Exchange Online support must request a service change to resolve the issue.
Microsoft is still investigating why this authentication limit occurs in the first place. Microsoft recommends that users affected by this bug use Outlook Web Access (OWA) or the new Outlook for Windows. The problem should not occur in either solution.
Warning about attacks via a 0-day vulnerability
I'm going to include a second topic in this post. While researching the above bug, I came across the following tweet warning about attacks on Outlook.
Not much is known—a serious bug in Outlook for Windows, triggered by malicious emails/attachments, causes the client to crash. This could enable code execution and take over the Windows client. The advice: install updates, disable preview windows, block unknown attachments.
