INFRASPACE LTD

Critical Outlook vulnerability

Overview

In an attempt to address the long-running Outlook vulnerability CVE-2023-23397, Microsoft released a patch earlier this week.

The CVE-2023-23397 vulnerability allows threat actors to steal Microsoft Outlook users’ NTLM credentials quickly and easily. The worrying part is that the vulnerability can be exploited simply by sending an email to the target user, without the target user even having to open the email.

What platforms were affected?

There is, however, some good news! Microsoft have confirmed that only Outlook on the Windows platform has been affected. NTLM authentication is not supported for Android, iOS, macOS, and online services.

How does it work?

Attackers can exploit CVE-2023-23397 by sending a malicious email with an extended MAPI property that contains a UNC path to an attacker-controlled SMB (TCP 445) share. Bharat Jogi, director of vulnerability and threat research at Qualys, said:

"The attack can be executed without any user interaction by sending a specially crafted email which triggers automatically when retrieved by the email server," Mike Walters, VP of Vulnerability and Threat Research at Action1, said. "This can lead to exploitation before the email is even viewed in the Preview Pane. If exploited successfully, an attacker can access a user’s Net-NTLMv2 hash, which can be used to execute a pass-the-hash attack on another service and authenticate as the user. The best course of action is to install the Microsoft update on all systems after testing it in a controlled environment."

Bharat Jogi
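
A defender-side triage sketch for the mechanism described above, added here as an example and not code from Microsoft or from this post: given property values already exported from mailboxes, it flags those that are UNC paths pointing at a host outside the internal network. The internal DNS suffix, the address ranges, the message ids and the sample values are constructed assumptions.

```python
import ipaddress
import re

# Assumptions (constructed): what counts as "internal" for this organisation.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Matches \\host\... and the long form \\?\UNC\host\...
_UNC = re.compile(r"^\\\\(?:\?\\UNC\\)?(?P<host>[^\\/]+)(?=[\\/]|$)", re.IGNORECASE)

def unc_host(value):
    """Return the lower-cased host of a UNC path, or None if value is not one."""
    m = _UNC.match(value.strip())
    if not m or m.group("host") in ("?", "."):  # \\?\C:\ and \\.\pipe are local
        return None
    # WebDAV-style hosts (host@SSL@443, host@8080): keep only the name.
    return m.group("host").split("@", 1)[0].lower()

def is_external(host):
    """True for an IP outside INTERNAL_NETS or an FQDN outside INTERNAL_SUFFIXES."""
    try:
        ip = ipaddress.ip_address(host)
        return not any(ip in net for net in INTERNAL_NETS)
    except ValueError:
        pass
    if "." not in host:
        return False  # single-label name: treated as internal (assumption)
    return not host.endswith(INTERNAL_SUFFIXES)

def triage(items):
    """items: (message_id, property_value) pairs. Return [(message_id, host)] to review."""
    flagged = []
    for msg_id, value in items:
        host = unc_host(value)
        if host is not None and is_external(host):
            flagged.append((msg_id, host))
    return flagged

# Constructed sample values, not taken from any real mailbox.
SAMPLE = [
    ("msg-001", r"\\203.0.113.7\share\item"),
    ("msg-002", r"C:\Users\Public\item"),
    ("msg-003", r"\\fileserver01\share\item"),
    ("msg-004", r"\\files.corp.example\share\item"),
    ("msg-005", r"\\cdn.example.net@SSL@443\share\item"),
    ("msg-006", r"\\?\UNC\10.20.30.40\share\item"),
]

if __name__ == "__main__":
    for msg_id, host in triage(SAMPLE):
        print(f"{msg_id}: UNC path to external host {host}")
```

Flagged items are candidates for review and cleanup; installing the Microsoft update remains the fix.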
