Actively exploited vulnerability

CVE-2023-23397: Microsoft Office Outlook Privilege Escalation Vulnerability

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

CISA KEV source 14 Mar 2023 added 4 Apr 2023 remediation due

Affected product

Microsoft · Office

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2023-23397.

Bleeping Computer5 Dec 2023

Russian hackers exploiting Outlook bug to hijack Exchange accounts

Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. [...]