all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Coverage Advisory for CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

Add to bookmarks
March 18, 2023, 12:25 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Background:


On 14th March 2023, Microsoft released a security update guide for a critical severity vulnerability CVE-2023-23397. This vulnerability targets Microsoft Outlook and allows NTLM credentials theft which could be used for privilege escalation attacks.


What is the issue?


An attacker can send an email to the victim with an extended MAPI (Microsoft Outlook Messaging API) property with a UNC (Universal Naming Convention - A string format that specifies the location of a resource) path to an attacker-controlled SMB (TCP …

advisory api attacks credentials credentials theft critical cve cve-2023-23397 email escalation guide issue march messaging microsoft microsoft outlook ntlm outlook privilege privilege escalation security security update security update guide send severity theft unc update victim vulnerability what is

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

More on the PAN-OS CVE-2024-3400 42 minutes ago | malware.news
alto april customer cve +29
LabHost Phishing Platform is Latest Target of International Law Agencies an hour ago | malware.news
as-a-service countries cybercriminal disrupt +19
Active adversary report: Ransomware hit a ceiling, but security teams at risk for more pain an hour ago | malware.news
active adversary adversary article attacks +8
The CVE's They are A-Changing!, (Wed, Apr 17th) 2 hours ago | malware.news
changing cve downloads feed +7
Akira takes in $42 million in ransom payments, now targets Linux servers 2 hours ago | malware.news
akira article critical functions +12
How to Determine Causal Effects when A/B Tests are Infeasible through Adopter Analysis 4 hours ago | malware.news
analysis article blog global +6
In memoriam: Steven Young, respected CISO and former Cybersecurity Collaborative VP 4 hours ago | malware.news
article blue blue shield california +10
Malware Mondays Episode 02 - Investigating Processes with Process Explorer and System Informer 4 hours ago | malware.news
malware analysis topic
Cloud Protection: Move Beyond Hygiene & Protect Cloud Assets 5 hours ago | malware.news
and response article assets beyond +26

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Cybersecurity Triage Analyst

@ Peraton | Linthicum, MD, United States
View on infosec-jobs.com

Associate DevSecOps Engineer

@ LinQuest | Los Angeles, California, United States
View on infosec-jobs.com

DORA Compliance Program Manager

@ Resillion | Brussels, Belgium
View on infosec-jobs.com

Head of Workplace Risk and Compliance

@ Wise | London, United Kingdom
View on infosec-jobs.com
View more jobs