Microsoft Outlook Vulnerability Could Be 2023’s ‘It’ Bug
Courtney Thomas2023-03-23T18:13:38+00:00Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug Microsoft recently patched a zero-day vulnerability under active exploit in Microsoft Outlook, identified as CVE-2023-23397, which could enable an attacker to perform a privilege escalation, accessing the victim's Net-NTLMv2 challenge-response authentication hash and impersonating the user. Now it's becoming clear that CVE-2023-23397 is dangerous enough to become the most far-reaching bug of the year, security researchers are warning. Since disclosure just three days ago, more proof-of-concept (PoC) exploits have sprung onto the scene, which are sure to translate into snowballing criminal interest — helped along by the fact that no user interaction is required for exploitation. If patching isn't possible quickly, there are some options for addressing the issue, noted below. Easy Exploit: No User Interaction Necessary The vulnerability allows the attackers to steal NTLM authentication hashes by sending malicious Outlook notes or tasks to the victim. These trigger the exploit automatically when they're retrieved and processed by the Outlook client, which [...]