Microsoft Office Outlook contains a critical vulnerability that allows an attacker to redirect the user to a remote SMB share.
This will trigger an attempt to authenticate against it, allowing the attacker to record the NTLM exchange and replay it against other systems that support NTLM authentication, thus spoofing the identity of the targeted user.
SES Evolution detects and blocks the connection attempt to the remote SMB share.