all InfoSec news
Micropatches Released for Microsoft Outlook Information Disclosure Vulnerability (CVE-2023-35636)
Malware Analysis, News and Indicators - Latest topics malware.news
In December 2023, still-Supported Microsoft Outlook versions got an official patch for CVE-2023-35636, a vulnerability that allowed an attacker to coerce user's Outlook to authenticate to attacker's remote server, revealing user's NTLM hash in the process.
The vulnerability was discovered by Varonis researcher Dolev Taler, who wrote up a detailed article about it. In summary, a calendar file attached to an email can point to any URL, including a UNC path on a remote computer - and when …
article attacker authenticate coerce cve cve-2023-35636 december december 2023 disclosure hash information information disclosure information disclosure vulnerability microsoft microsoft outlook ntlm official outlook patch process remote server researcher server varonis vulnerability