all InfoSec news
Coverage Advisory for CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
Security Boulevard securityboulevard.com
Background:
On 14th March 2023, Microsoft released a security update guide for a critical severity vulnerability CVE-2023-23397. This vulnerability targets Microsoft Outlook and allows NTLM credentials theft which could be used for privilege escalation attacks.
What is the issue?
An attacker can send an email to the victim with an extended MAPI (Microsoft Outlook Messaging API) property with a UNC (Universal Naming Convention - A string format that specifies the location of a resource) path to an attacker-controlled SMB (TCP …
advisory api attacks credentials credentials theft critical cve cve-2023-23397 email escalation guide issue march messaging microsoft microsoft outlook ntlm outlook privilege privilege escalation security security update security update guide send severity theft unc update victim vulnerability what is