Web: https://www.reddit.com/r/cybersecurity/comments/11sw7z7/cve202323397_critical_elevation_of_privilege/

March 16, 2023, 2:48 p.m. | /u/MartinZugec

cybersecurity www.reddit.com

There is a new critical CVE in Microsoft Outlook:


* Exploited to steal NTLM hashes
* Used to target European organizations
* Leveraged for almost a year by APT28 (Russia)
* Reported by CERT-UA (Ukraine)

This is actively exploited, patch immediately. Microsoft also provided a script that checks Exchange items for malicious messaging items: [https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md](https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md)

critical cve cve-2023-23397 cybersecurity microsoft microsoft outlook outlook privilege severity zero-day

Product Security Architect / Red Team PenTester for AUTOSAR (m/w/d)

@ Bosch Group | Stuttgart, Germany

Cloud Security Engineer - 100% US REMOTE

@ Experian | Allen, TX, United States

System Security Analyst

@ Ashburn Consulting | Baltimore, MD, United States

Senior Advisor, Cyber

@ NielsenIQ | Chicago, IL, United States

Junior Application Security Engineer

@ Netcompany-Intrasoft | Athens, Greece

IT and process Control Security Architect

@ Statkraft | Oslo, Norway

Data Scientist, Sr. Consultant - Cybersecurity AI Research & Products

@ Visa | Ashburn, VA, United States

Senior Platform Security Engineer

@ Block | Melbourne, Australia

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain

Cybersecurity Analyst

@ Visa | Bengaluru, India

Information Security Engineer

@ ServiceNow | Orlando, FL, United States

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States