An important security update is available for Microsoft Outlook for Windows: shortly after the official patch day, the company released a separate update for Outlook that is strongly recommended for all users.

With it, Microsoft has closed a security hole in Outlook for Windows which, according to the company, is already being actively exploited. Updating Outlook promptly is therefore urgently recommended.

Microsoft Threat Intelligence has discovered limited, targeted abuse of a vulnerability in Outlook for Windows that allows NTLM credentials to be stolen. Microsoft has published all the important information about the CVE-2023-23397 vulnerability: it is a critical EoP (Elevation of Privilege) vulnerability. The vulnerability is particularly dangerous because attackers can exploit it without user interaction.

The company is now also providing documentation and a script that organizations can use to determine whether they have already been attacked or whether there has been an attempt to exploit the vulnerability.

Affected Products

All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook, such as those for Android, iOS and Mac, as well as Outlook on the web and other M365 services, are not affected.

Technical details

CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property containing a UNC path to an SMB share (TCP 445) on a threat-actor-controlled server. No user interaction is required.

The connection to the remote SMB server sends the user’s NTLM negotiation message, which the attacker can then relay to other systems that support NTLM authentication in order to authenticate. Online services like Microsoft 365 don’t support NTLM authentication and aren’t vulnerable to attacks from these messages.
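
For triage, the check below flags property values that are UNC paths pointing at a host outside the organization. It is an added example, not Microsoft's script or code from this article. It assumes the property values have already been exported as (subject, value) pairs, and the internal suffix, network ranges and sample data are constructed placeholders.

```python
import ipaddress
import re

# Assumptions: adjust both to your environment.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# \\host\share, optionally written with the \\?\UNC\ prefix.
_UNC = re.compile(r"^\\\\(?:[?.]\\UNC\\)?([^\\/]+)[\\/]", re.IGNORECASE)

def unc_host(value):
    """Return the host part of a UNC path, or None if value is not one."""
    m = _UNC.match(value.strip())
    if not m:
        return None
    # Drop WebDAV-style suffixes such as host@SSL@443.
    return m.group(1).split("@", 1)[0].lower()

def is_external(host):
    """True for an IP outside INTERNAL_NETS or a FQDN outside INTERNAL_SUFFIXES."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return not any(ip in net for net in INTERNAL_NETS)
    if "." not in host:  # single-label name: treated as internal here
        return False
    return not host.endswith(INTERNAL_SUFFIXES)

def triage(items):
    """Return (subject, host) for items whose value points off-network."""
    hits = []
    for subject, value in items:
        host = unc_host(value or "")
        if host and is_external(host):
            hits.append((subject, host))
    return hits

# Constructed sample export: (subject, property value).
SAMPLE = [
    ("Weekly sync", ""),
    ("Reminder", r"\\fileserver\sounds\chime.wav"),
    ("Budget", r"\\files.corp.example\share\a.wav"),
    ("Invoice", r"\\203.0.113.7\x\y.wav"),
    ("Review", r"\\host.example.net@SSL@443\x\y"),
    ("Local", r"C:\Windows\Media\chimes.wav"),
]
```

A hit is a lead for review, not proof of compromise; correlate it with outbound SMB (TCP 445) connections from the recipient's workstation.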

Summary

  • Microsoft has released an important security update for Outlook for Windows.
  • Microsoft mitigates a security vulnerability in Outlook for Windows.
  • According to Microsoft, the vulnerability is already being actively exploited.
  • CVE-2023-23397 is a critical EoP vulnerability that allows NTLM credential theft.
  • Microsoft provides documentation and a script to determine if organizations have been attacked.
  • All supported versions of Outlook for Windows are affected; other versions are not.
  • Microsoft recommends users update Outlook as soon as possible.
