all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-23397 - Critical Elevation of Privilege zero-day in Microsoft Outlook, severity 9.8

Add to bookmarks
March 16, 2023, 2:48 p.m. | /u/MartinZugec

cybersecurity www.reddit.com

There is a new critical CVE in Microsoft Outlook:

[https://nvd.nist.gov/vuln/detail/CVE-2023-23397](https://nvd.nist.gov/vuln/detail/CVE-2023-23397)

* Exploited to steal NTLM hashes
* Used to target European organizations
* Leveraged for almost a year by APT28 (Russia)
* Reported by CERT-UA (Ukraine)

This is actively exploited, patch immediately. Microsoft also provided a script that checks Exchange items for malicious messaging items: [https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md](https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md)

apt28 cert cert-ua critical cve cve-2023-23397 cybersecurity exploited hashes microsoft microsoft outlook ntlm ntlm hashes organizations outlook privilege russia severity steal target ukraine zero-day

Visit resource

More from www.reddit.com / cybersecurity

Cybersecurity self learning 8 hours ago | www.reddit.com
blue blue team can college +7
I am a new soc analyst , can you suggest me some dashboard ideas that … 13 hours ago | www.reddit.com
analyst can cybersecurity dashboard +6
Has anyone transitioned from army intelligence analyst to corporate threat Intel analyst? 14 hours ago | www.reddit.com
analyst army corporate cybersecurity +6
Onboarding SIEM solutions Best and Worst 18 hours ago | www.reddit.com
client cybersecurity experiences onboarding +4
What were the best cybersecurity courses you ever had? 18 hours ago | www.reddit.com
analyst courses cybersecurity cybersecurity courses +10
Malwares as a plural 20 hours ago | www.reddit.com
cybersecurity learn malicious malware +6
Multiple botnets exploiting one-year-old TP-Link flaw to hack routers 21 hours ago | www.reddit.com
botnets cybersecurity exploiting flaw +5
Cerebral to pay $7 million settlement in Facebook pixel data leak case 21 hours ago | www.reddit.com
case cerebral cybersecurity data +6
How does KnowBe4 spoof the company domain? 21 hours ago | www.reddit.com
attackers can cybersecurity domain +4

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Program Associate, Cyber Risk

@ Kroll | Toronto, ONT, Canada
View on infosec-jobs.com

Cybersecurity Operations Engineer 2

@ Humana | Remote US
View on infosec-jobs.com

Vice President - Lead Security Engineer (SECS04)

@ JPMorgan Chase & Co. | Columbus, OH, United States
View on infosec-jobs.com

Security Specialist

@ BGIS | Markham, ON, Canada
View on infosec-jobs.com
View more jobs