Coverage Advisory for CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability | allinfosecnews.com

Web: https://malware.news/t/coverage-advisory-for-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/67977

March 18, 2023, 12:25 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Background:

On 14th March 2023, Microsoft released a security update guide for a critical severity vulnerability CVE-2023-23397. This vulnerability targets Microsoft Outlook and allows NTLM credentials theft which could be used for privilege escalation attacks.

What is the issue?

An attacker can send an email to the victim with an extended MAPI (Microsoft Outlook Messaging API) property with a UNC (Universal Naming Convention - A string format that specifies the location of a resource) path to an attacker-controlled SMB (TCP …

advisory cve cve-2023-23397 microsoft microsoft outlook outlook privilege vulnerability

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Avoiding data backup failures – Week in security with Tony Anscombe 6 hours ago | malware.news

backup data data backup security +1

2023-03-31 - Qakbot (Qbot), obama247 distribution tag 7 hours ago | malware.news

distribution malware analysis qakbot qbot +1

3 tips for creating backups your organization can rely on when ransomware strikes 13 hours ago | malware.news

backups ransomware tips

3 tips to raise your backup game 13 hours ago | malware.news

backup game tips

3CX Supply Chain Attack Campaign 13 hours ago | malware.news

3cx attack campaign supply +2

Healthcare vendor reports breach from 2021, at least 9 providers impacted 16 hours ago | malware.news

breach healthcare reports vendor

High-cost lender TMX Finance data breach affects nearly 5 million customers 17 hours ago | malware.news

breach cost customers data +4

Start Preparing For “THE SINGULARITY.” There is a 5% to 10% chance it will be … 17 hours ago | malware.news

Technical Advisory: Software Supply Chain Attack Against 3CX Desktop App 19 hours ago | malware.news

3cx advisory app attack +8

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain

View on infosec-jobs.com

Cybersecurity Analyst

@ Visa | Bengaluru, India

View on infosec-jobs.com

Information Security Engineer

@ ServiceNow | Orlando, FL, United States

View on infosec-jobs.com

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States

View on infosec-jobs.com

Azure DevSecOps - Solution Architect

@ Citizant | Chantilly, VA, United States

View on infosec-jobs.com

Cybersecurity Champion

@ NielsenIQ | Chicago, IL, United States

View on infosec-jobs.com

Senior Information Security Analyst

@ QAD, Inc. | Wroclaw, Poland

View on infosec-jobs.com

VP, Information Security

@ TrueAccord | Remote

View on infosec-jobs.com

DevSecOps Engineer- (100%) ( w/m/d) - Valbonne - Hybrid Work

@ SMG Swiss Marketplace Group | Valbonne, France

View on infosec-jobs.com

Information Security Director - Attack Surface Management (100% US REMOTE)

@ Experian | Allen, TX, United States

View on infosec-jobs.com

Director - Cybersecurity and Compliance

@ Visa | Foster City, CA, United States

View on infosec-jobs.com

Senior Threat Analyst | Remote, USA

@ Optiv | Kansas City, MO

View on infosec-jobs.com