Web: https://securityboulevard.com/2023/03/coverage-advisory-for-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/

March 18, 2023, 12:23 a.m. | Rohit Hegde

Security Boulevard securityboulevard.com

Background:


On 14th March 2023, Microsoft released a security update guide for a critical severity vulnerability CVE-2023-23397. This vulnerability targets Microsoft Outlook and allows NTLM credentials theft which could be used for privilege escalation attacks.


What is the issue?


An attacker can send an email to the victim with an extended MAPI (Microsoft Outlook Messaging API) property with a UNC (Universal Naming Convention - A string format that specifies the location of a resource) path to an attacker-controlled SMB (TCP …

advisory cve cve-2023-23397 microsoft microsoft outlook outlook privilege vulnerability

Associate Security Architect

@ Fivesky | Alpharetta, GA

Director Information Security

@ Aptos | United States - Atlanta, Georgia

DevSecOps Engineer (Belgrade - hybrid remote)

@ SMG Swiss Marketplace Group | Beograd, Serbia

Security Analytics Lead

@ Dynatrace | Tallinn, Estonia

C002543 Engineer (Digital Forensics Analysis) (NS) - THU 6 Apr RELAUNCH

@ EMW, Inc. | Mons, Wallonia, Belgium

Senior Architect Cloud and Security Engineer (Threat Modeling)

@ Publicis Groupe | Los Angeles, California, United States

Senior Cloud Security Operations Engineer - AWS

@ MUFG Investor Services | London, United Kingdom

Cybersecurity Engineer (ForgeRock openAM, SAML, OpenID, OAuth)

@ Visa | Bengaluru, India

Software Engineer, Product Security

@ Block | San Francisco, CA, United States

Security Internship - Application Security Intern

@ Highspot | Vancouver, BC

Cloud Security Engineer

@ XOR Security | Washington, DC

Cyber Security Consultant Intern - ETAS

@ Bosch Group | Plymouth, MI, United States