Web: https://malware.news/t/coverage-advisory-for-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/67977

March 18, 2023, 12:25 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news


On 14th March 2023, Microsoft released a security update guide for a critical severity vulnerability CVE-2023-23397. This vulnerability targets Microsoft Outlook and allows NTLM credentials theft which could be used for privilege escalation attacks.

What is the issue?

An attacker can send an email to the victim with an extended MAPI (Microsoft Outlook Messaging API) property with a UNC (Universal Naming Convention - A string format that specifies the location of a resource) path to an attacker-controlled SMB (TCP …

advisory cve cve-2023-23397 microsoft microsoft outlook outlook privilege vulnerability

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain

Cybersecurity Analyst

@ Visa | Bengaluru, India

Information Security Engineer

@ ServiceNow | Orlando, FL, United States

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States

Azure DevSecOps - Solution Architect

@ Citizant | Chantilly, VA, United States

Cybersecurity Champion

@ NielsenIQ | Chicago, IL, United States

Senior Information Security Analyst

@ QAD, Inc. | Wroclaw, Poland

VP, Information Security

@ TrueAccord | Remote

DevSecOps Engineer- (100%) ( w/m/d) - Valbonne - Hybrid Work

@ SMG Swiss Marketplace Group | Valbonne, France

Information Security Director - Attack Surface Management (100% US REMOTE)

@ Experian | Allen, TX, United States

Director - Cybersecurity and Compliance

@ Visa | Foster City, CA, United States

Senior Threat Analyst | Remote, USA

@ Optiv | Kansas City, MO