Microsoft Addresses EOP Vulnerability In Outlook
An important security update is available for Microsoft Outlook for Windows: Shortly after the official patch day, the company submitted a separate update for Outlook that is strongly recommended to all users.
Microsoft has thus defused a security hole in Outlook for Windows which, according to the group, is already being actively exploited. Therefore, a timely update of Outlook is now urgently recommended.
Microsoft Threat Intelligence has discovered limited, targeted abuse of a vulnerability in Outlook for Windows that allows NTLM credentials to be stolen. Microsoft has published all the important information about the vulnerability CVE-2023-23397: It is therefore the critical EoP vulnerability (Elevation of Privilege). The vulnerability is particularly dangerous because attackers can exploit it without user interaction.
The company is also now providing documentation and a script that organizations can use to determine if they have already been attacked or if attempts have been made to exploit the vulnerability.
Affected Products
All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, and Mac, as well as Outlook on the web and other M365 services are not affected.
Technical details
CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share (TCP 445) on a threat-actor-controlled server sends. No user interaction is required. The connection to the remote SMB server sends the user’s NTLM negotiation message, which the attacker can then forward to other systems that support NTLM authentication for authentication. Online services like Microsoft 365 don’t support NTLM authentication and aren’t vulnerable to attacks from these messages.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.