all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-23397 - Critical Elevation of Privilege zero-day in Microsoft Outlook, severity 9.8

Add to bookmarks

Web: https://www.reddit.com/r/cybersecurity/comments/11sw7z7/cve202323397_critical_elevation_of_privilege/

March 16, 2023, 2:48 p.m. | /u/MartinZugec

cybersecurity www.reddit.com

There is a new critical CVE in Microsoft Outlook:

[https://nvd.nist.gov/vuln/detail/CVE-2023-23397](https://nvd.nist.gov/vuln/detail/CVE-2023-23397)

* Exploited to steal NTLM hashes
* Used to target European organizations
* Leveraged for almost a year by APT28 (Russia)
* Reported by CERT-UA (Ukraine)

This is actively exploited, patch immediately. Microsoft also provided a script that checks Exchange items for malicious messaging items: [https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md](https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md)

critical cve cve-2023-23397 cybersecurity microsoft microsoft outlook outlook privilege severity zero-day

Visit resource

More from www.reddit.com / cybersecurity

US regulator takes action to ensure internet security in connected medical devices 4 hours ago | www.reddit.com
action cybersecurity devices internet +4
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack 6 hours ago | www.reddit.com
3cx attack bug cybersecurity +5
Risk Assessment vs Security Assessment vs Gap Analysis 12 hours ago | www.reddit.com
analysis assessment cybersecurity gap +4
Hackers exploit WordPress plugin flaw that gives full control of millions of sites 22 hours ago | www.reddit.com
control cybersecurity exploit flaw +5
Is it normal to struggle with CTFs even if you are a full time cybersec … 1 day, 3 hours ago | www.reddit.com
cybersec cybersecurity full
Thousands vulnerable in latest supply chain cyberattack, reports warn 1 day, 8 hours ago | www.reddit.com
cyberattack cybersecurity latest reports +3
Looking for advice on resume and job titles 1 day, 9 hours ago | www.reddit.com
advice cybersecurity job resume
Cybersecurity film suggestion 1 day, 11 hours ago | www.reddit.com
cybersecurity film
Help! With burn-out in Cyber 1 day, 12 hours ago | www.reddit.com
cyber cybersecurity help

Latest InfoSec / Cybersecurity Jobs

View more jobs Post a job on infosec-jobs.com

Product Security Architect / Red Team PenTester for AUTOSAR (m/w/d)

@ Bosch Group | Stuttgart, Germany
View on infosec-jobs.com

Cloud Security Engineer - 100% US REMOTE

@ Experian | Allen, TX, United States
View on infosec-jobs.com

System Security Analyst

@ Ashburn Consulting | Baltimore, MD, United States
View on infosec-jobs.com

Senior Advisor, Cyber

@ NielsenIQ | Chicago, IL, United States
View on infosec-jobs.com

Junior Application Security Engineer

@ Netcompany-Intrasoft | Athens, Greece
View on infosec-jobs.com

IT and process Control Security Architect

@ Statkraft | Oslo, Norway
View on infosec-jobs.com

Data Scientist, Sr. Consultant - Cybersecurity AI Research & Products

@ Visa | Ashburn, VA, United States
View on infosec-jobs.com

Senior Platform Security Engineer

@ Block | Melbourne, Australia
View on infosec-jobs.com

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain
View on infosec-jobs.com

Cybersecurity Analyst

@ Visa | Bengaluru, India
View on infosec-jobs.com

Information Security Engineer

@ ServiceNow | Orlando, FL, United States
View on infosec-jobs.com

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States
View on infosec-jobs.com