Microsoft Outlook for Windows 0-Day Vulnerability - CVE-2023-23397

16 Mar / 2023

Microsoft Outlook for Windows 0Day vulnerability

CVE: CVE-2023-23397

WHAT IS VULNERABLE?

  • All versions of Outlook for Windows
  • Outlook Web Access, Mobile and MacOS are unaffected.

WHAT IS HAPPENING?

  • Microsoft recently published an update for Outlook for Windows that patches a previously unknown vulnerability.
  • This vulnerability in Outlook allows an attacker to steal Credentials using NTLM and a malicious server without user intervention.
  • This attacker behaviour has been seen in the wild and is being actively exploited.

KEY FACTS

  • Attackers are using a Privilege Escalation Vulnerability in Outlook to steal NTLM credentials BEFORE the user opens the malicious email.
  • They do this by sending an email with a malicious extended MAPI property supplying a UNC path that does not need to be in your environment.
  • This UNC path is for an SMB Share on an attacker-controlled server.
  • The connection to the SMB Share sends the Users NTLM negotiation message.
  • This allows the malicious actor to use that NTLM negotiation message against other systems in your environment that support NTLM.

WHAT YOU CAN DO?

ASSESSING FOR POSSIBLE IMPACT

  • To determine if your organization was targeted by actors attempting to use this vulnerability, Microsoft is providing documentation and a script at https://aka.ms/CVE-2023-23397ScriptDoc.
  • Organizations should review the output of this script to determine risk. Tasks, email messages and calendar items that are detected and point to an unrecognized share should be reviewed to determine if they are malicious. If objects are detected, they should be removed or clear the parameter.
  • If no objects are detected, it is unlikely the organization was targeted via CVE-2023-23397.

Cythera is committed to protecting our customers from cyber threats and ensuring their business continuity.

Resources

You may be interested in

How to build a robust cybersecurity penetration testing program.

In light of growing high-profile cyber security attacks in Australia, a number of organisations and enterprises are looking to improve their cyb…

Read More arrow_forward

Common Scenarios Where Organisational Oversight Leads To Key Cyber Vulnerabilities

Common Scenarios Where Organisational Oversight Leads To Key Cyber Vulnerabilities As Australian organisations move into 2024, there's an incre…

Read More arrow_forward

Why You Shouldn’t Be Reusing Passwords In 2020

Who out there has been guilty of reusing a password? We’re all guilty of it! Results from a recent Google survey discovered that at least 65% …

Read More arrow_forward