Microsoft fixes Outlook zero-day vulnerability exploited by Russian hackers



Microsoft has distributed a patch for a zero-day vulnerability (CVE-2023-23397) in the email software 'Microsoft Outlook for Windows'. It has been pointed out that this vulnerability was exploited by a Russian hacker group.

Microsoft Mitigates Outlook Elevation of Privilege Vulnerability | MSRC Blog | Microsoft Security Response Center

https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/



Microsoft fixes Outlook zero-day used by Russian hackers since April 2022

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-zero-day-used-by-russian-hackers-since-april-2022/



Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability - MDSec

https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/

CVE-2023-23397 is triggered by an attacker sending a message with an extended MAPI property that contains a UNC path to an SMB ( TCP port 445 ) share on a server controlled by the threat actor, causing the New Technology LAN Manager A critical privilege escalation vulnerability in Microsoft Outlook's filtering service, Exchange Online Protection, that can steal (NTLM) credentials.

This vulnerability affects all versions of Microsoft Outlook for Windows, but does not affect Outlook for macOS, iOS, and Android.

Also, online services like Outlook on the Web and Microsoft 365 do not support NTLM authentication and are therefore immune to this type of attack.

According to the news site Bleeping Computer, this vulnerability was discovered by a hacker group linked to the Russian Military General Staff Intelligence Directorate (GRU), which targeted European government agencies, military, energy-related, and transportation organizations from April to December 2022. It was exploited in an attack that targeted the network.

Microsoft has published a script that checks Exchange messaging items to see if they have UNC paths in their properties and are thus not subject to this attack.

CVE-2023-23397 script - Microsoft - CSS-Exchange
https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/



in Software,   Security, Posted by logc_nt