CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Microsoft Office | Critical | 20-03-2023 |
Technical Information
An elevation of privilege vulnerability that an attacker could exploit by sending a specially crafted email, which triggers automatically when it is retrieved and processed by the Outlook client. This leaks the victim's Net-NTLMv2 hash to the attacker, who can then relay it to another service and authenticate as the victim. Researchers have found an email sample which suggests that this vulnerability is being exploited in the wild.
Further information on this vulnerability is available at: CVE-2023-23397
Affected Software
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2016 (64-bit edition)