Microsoft Outlook 2013 RT Service Pack 1.Microsoft Outlook 2013 Service Pack 1 (32-bit editions).Microsoft Outlook 2016 (64-bit edition).
The vulnerability affects different versions of Microsoft Outlook for both, 32- and 64-bit editions. Nevertheless, Microsoft has published a script to audit an Exchange server and identify mail items that could be used for exploitation. Publicly available information sources mention that the vulnerability is known to have been actively exploited in-between April and December 2022 by APT28, a Threat Actor known to be linked to Russia’s intelligence services, to target the network of government, military, energy, and transportation organisations.Īt the time of this writing, no specific details are available regarding successful exploitation of CVE-2023-23397. And by doing it, the attacker can know the required Net-NTLMv2 victim’s hash to authenticate as the victim against another service. Using NTLM Relay attack techniques, an external attacker could prepare a crafted email that once retrieved and processed by victim’s Outlook client, generates a connection from the victim to an external location of the attackers’ control. This will block all WebDAV connections, including intranet, which might impact some users or applications.ĬVE-2023-23397 is an actively exploited zero-day vulnerability affecting Microsoft Outlook that was reported in Microsoft March 2023 Patch Tuesday.
Microsoft updated their recommendations to reduce the risk of WebDAV based attacks, adding the following: Written by Lina Jiménez Becerra, Anton Jörgensson and Mark Stueck of the Kudelski Security Threat Detection & Research TeamĬVE-2023-23397: Ability to exploit an Elevation of Privileges by Microsoft Outlook processing a specially crafted incoming email
0 kommentar(er)
