Threat Advisory

Critical Zero-day vulnerability in Microsoft Outlook

April 3, 2023 | By Accorian

Microsoft recently released a patch for a privilege escalation vulnerability, tracked as CVE-2023-23397, that impacts all versions of Microsoft Outlook on Windows and holds a CVSS score of 9.8. By sending a specially crafted email, an attacker can remotely obtain hashed passwords without the victim ever having to open the message. Although Microsoft has now officially released patches, the vulnerability has been exploited as a zero-day in NTLM-relay attacks since mid-April 2022.

No user interaction is required: an attacker can steal NTLM credentials simply by sending a malicious email. Exploitation takes place when the system’s reminder is triggered and Outlook is opened. According to Microsoft, an attacker can exploit the vulnerability to retrieve NTLM hashes by sending a message with an extended MAPI property that contains a UNC path to an SMB (TCP 445) share on a server under the attacker’s control.
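For defenders triaging mailboxes, the check that follows from this description is whether the extended MAPI property value in a message is a UNC path pointing outside the organization. The sketch below is an added example, not code from Accorian or Microsoft; it assumes the property values have already been extracted from the messages, and the internal DNS suffix, internal address ranges, message ids and sample values are all constructed for illustration.

```python
import ipaddress
import re

# Assumptions for this example: what counts as "internal" in your network.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Matches \\host\share, //host/share and the \\?\UNC\host\share long form.
UNC_RE = re.compile(r"^(?:[\\/]{2}\?[\\/]UNC[\\/]|[\\/]{2})([^\\/?]+)(?:[\\/]|$)", re.I)


def unc_host(value):
    """Return the lower-cased host of a UNC path, or None if value is not one."""
    m = UNC_RE.match(value.strip())
    if not m or m.group(1) == ".":      # \\.\ is the local device namespace
        return None
    # Drop WebDAV-style suffixes such as host@SSL@443 or host@80.
    return m.group(1).split("@", 1)[0].lower()


def classify(value):
    """Return 'local', 'internal-unc' or 'external-unc' for a property value."""
    host = unc_host(value)
    if host is None:
        return "local"
    try:
        ip = ipaddress.ip_address(host)
        internal = any(ip in net for net in INTERNAL_NETS)
    except ValueError:
        # Not an IP literal. Assumption: single-label names are internal hosts.
        internal = "." not in host or host.endswith(INTERNAL_SUFFIXES)
    return "internal-unc" if internal else "external-unc"


def flag_messages(items):
    """Return ids of messages whose property value is an external UNC path."""
    return [mid for mid, value in items if classify(value) == "external-unc"]


# Constructed sample: (message id, extracted property value) pairs.
SAMPLE = [
    ("msg-001", r"C:\Windows\Media\reminder.wav"),
    ("msg-002", r"\\fileserver01\sounds\chime.wav"),
    ("msg-003", r"\\203.0.113.10\share\x.wav"),
    ("msg-004", r"\\files.corp.example\media\a.wav"),
    ("msg-005", r"\\?\UNC\cdn.example.net\a\b.wav"),
    ("msg-006", r"//198.51.100.7@80/a/b.wav"),
]

if __name__ == "__main__":
    for mid in flag_messages(SAMPLE):
        print("review:", mid)
```

Messages flagged this way are candidates for review and removal; an internal UNC value is not proof of safety, only lower priority.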

Accorian recommends that organizations update Microsoft Outlook for Windows as soon as possible. If updating is not possible immediately, block outbound SMB (TCP port 445) and add users to the Protected Users group in Active Directory. This would limit the impact of the vulnerability. Accorian can help you identify the vulnerability in your environment. For more information, kindly reach out to us.

Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

Threat Advisory Team 

Accorian
