Threat alert details
We would like to bring your attention to a critical vulnerability within Microsoft Outlook which allows for elevation of privileges with a CVSS3 score of 9.8. This vulnerability allows specially crafted emails to force a target’s device to connect to a remote URL and transmit the Windows user account’s Net-NTLMv2 hash. This exploit can grant unauthenticated attackers access to the target user’s Net-NTLMv2 hash, which can then be used to launch further attacks against another service in order to authenticate as the compromised user.
Further details will be provided as More information becomes available.
Affected Versions
This vulnerability has been reported to impact all supported versions of Microsoft Outlook for Windows however does not appear to affect Outlook for Android, iOS, or macOS versions of Outlook
Indicators of compromise
Microsoft have released a Powershell script to aid in investigations for potential compromise from this vulnerability. The script is available from the following URL and can be used in an audit only capacity or in a cleanup mode:
https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/
Remediation
In this week’s Patch Tuesday, Microsoft has released a critical security update for Microsoft Outlook. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
References
- https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2023-exchange-server-security-updates/ba-p/3764224#:~:text=under%20Product%20Family).-,Awareness%3A%20Outlook%20client%20update%20for%20CVE%2D2023%2D23397%20released,-There%20is%20a
- https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
More like this
Part 1: CBEST Series – Beyond the Checklist
Explore how threat-led penetration testing helps financial institutions go beyond traditional checks to strengthen resilience and meet regulatory expectations like CBEST, STAR-FS and DORA.
EchoLeak: The Zero-Click Microsoft Copilot Exploit That Changed AI Security
AI tools like Microsoft 365 Copilot are changing how organizations work, but they are also introducing new security risks that are harder to detect and even…
Proving Resilience: The Role of Regulator-Led Testing in Strengthening Market Stability.
How regulator-led testing fortifies market stability and sets a national standard Cyber threats are constantly evolving, with organizations facing sophisticated and persistent campaigns orchestrated by well-resourced…