Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug

Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means that almost any business user could be a victim.

Dark Reading, Nathan Eddy

March 20, 2023

2 Min Read
laptop opened to microsoft outlook login page
Alamy

Microsoft recently patched a zero-day vulnerability under active exploit in Microsoft Outlook, identified as CVE-2023-23397, which could enable an attacker to perform a privilege escalation, accessing the victim's Net-NTLMv2 challenge-response authentication hash and impersonating the user.

Now it's becoming clear that CVE-2023-23397 is dangerous enough to become the most far-reaching bug of the year, security researchers are warning. Since disclosure just three days ago, more proof-of-concept (PoC) exploits have sprung onto the scene, which are sure to translate into snowballing criminal interest — helped along by the fact that no user interaction is required for exploitation.

If patching isn't possible quickly, there are some options for addressing the issue, noted below.

Easy Exploit: No User Interaction Necessary

The vulnerability allows the attackers to steal NTLM authentication hashes by sending malicious Outlook notes or tasks to the victim. These trigger the exploit automatically when they're retrieved and processed by the Outlook client, which could lead to exploitation before the email is viewed in the Preview Pane. In other words, a target doesn’t actually have to open the email to fall victim to an attack.

Discovered by researchers from Ukraine's Computer Emergency Response Team (CERT) and by one of Microsoft’s own researchers — and patched earlier this week as part of Microsoft's Patch Tuesday update — the bug affects those running an Exchange server and the Outlook for Windows desktop client. Outlook for Android, iOS, Mac, and Outlook for Web (OWA) are unaffected.

Related:8 Proactive Cybersecurity Technologies to Watch in 2023

"External attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control," says Mark Stamford, founder and CEO of OccamSec. This will leak the Net-NTLMv2 hash of the victim to the attacker, who can then relay this to another service and authenticate as the victim, he explains.

A Range of Potential Exploit Impacts

Nick Ascoli, founder and CEO of Foretrace, points out while Microsoft didn't mention how the criminals were using it within their attacks, it allows the reuse of the stolen authentication to connect to other computers over the network for lateral movement.

Continue reading this article on Dark Reading

Read more about:

MicrosoftDark Reading

About the Author(s)

Dark Reading

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

See more from Dark Reading
Nathan Eddy

Nathan Eddy

Nathan Eddy is a freelance writer for ITProToday and covers various IT trends and topics across wide variety of industries. A graduate of Northwestern University’s Medill School of Journalism, he is also a documentary filmmaker specializing in architecture and urban planning. He currently lives in Berlin, Germany.

See more from Nathan Eddy
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

person holding a smartphone that shows a document icon and a checkmark
Regulatory Compliance
Master IT Compliance: Key Standards and Risks ExplainedMaster IT Compliance: Key Standards & Risks Explained
byBrien Posey
Jul 19, 2024
5 Min Read
Laws and regulations with padlock on cloud icons on laptop computer screen
Cloud Computing
What Is a Sovereign Cloud and Who Truly Benefits From It?What Is a Sovereign Cloud and Who Truly Benefits From It?
byChristopher Tozzi
Jul 18, 2024
6 Min Read
robot and human fingers touching
Career Management
Employees Beginning to See Benefits of AI Autonomy in the WorkplaceEmployees Beginning to See Benefits of AI Autonomy in the Workplace
byNathan Eddy
Jul 3, 2024
4 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

hand touches red cube via HoloLens view alongside diagram showing the app deployment workflow
Digital Transformation
How To Deploy Your App on Microsoft HoloLens 2How To Deploy Your App on Microsoft HoloLens 2
ITPro Today Data Privacy Quick Reference Guide cover image
Data Privacy
Data Privacy Quick Reference GuideData Privacy Quick Reference Guide
screenshot of unity software and a text object with the words Hello World
Digital Transformation
How To Build Apps for HoloLens 2 DevicesHow To Build Apps for Hololens 2 Devices
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

person holding a smartphone that shows a document icon and a checkmark
Regulatory Compliance
Master IT Compliance: Key Standards and Risks ExplainedMaster IT Compliance: Key Standards & Risks Explained
Laws and regulations with padlock on cloud icons on laptop computer screen
Cloud Computing
What Is a Sovereign Cloud and Who Truly Benefits From It?What Is a Sovereign Cloud and Who Truly Benefits From It?