Among the many patches and bug fixes Microsoft released on March 14 for its monthly Patch Tuesday event was one for its Outlook email clients for Windows. The patch addresses CVE-2023-23397, a critical bug that, according to a report from BleepingComputer, was being exploited as a zero-day by a Russian hacker group.
The site says it has read a private threat analytics report about the exploit that Microsoft sent to its Defender customers. The report stated that the hacking group was using the vulnerability to attack a number of European government and military organizations in 2022.
Microsoft also made a public post about the Outlook exploit on its MSRC site. It stated:
CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user interaction is required.
The connection to the remote SMB server sends the user’s NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication.
The post added that Microsoft 365 does not use NTLM authentication, so it is not affected by this zero-day exploit. Microsoft strongly recommends that all of its customers update Outlook for Windows to deal with the threat.
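As an added illustration (not code from Microsoft or BleepingComputer), the following Python sketch shows the kind of triage a defender could run over string property values already extracted from stored messages: it flags any value that is a UNC path pointing to a host outside the organization. The trusted suffix, the internal address ranges, the treatment of single-label names as local, and the sample data are all assumptions constructed for this example.

```python
import ipaddress
import re

# Assumptions: names and address ranges this organization treats as internal.
TRUSTED_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Matches \\host\share and the long form \\?\UNC\host\share.
UNC_RE = re.compile(r"^\\\\(?:\?\\UNC\\)?([^\\/]+)[\\/]", re.IGNORECASE)

def unc_host(value):
    """Return the host part of a UNC path, or None if value is not UNC."""
    m = UNC_RE.match(value.strip())
    if not m:
        return None
    # Drop WebDAV-style suffixes such as host@SSL@443 or host@80.
    return m.group(1).split("@", 1)[0].lower()

def is_external(host):
    """True when host is neither an internal IP nor a trusted name."""
    try:
        ip = ipaddress.ip_address(host)
        return not any(ip in net for net in INTERNAL_NETS)
    except ValueError:
        pass  # not an IP literal, treat as a name
    if "." not in host:  # assumption: single-label names resolve locally
        return False
    return not host.endswith(TRUSTED_SUFFIXES)

def triage(items):
    """Return (message_id, host) for values whose UNC host is external."""
    findings = []
    for msg_id, value in items:
        host = unc_host(value)
        if host and is_external(host):
            findings.append((msg_id, host))
    return findings

# Constructed sample: (message id, string property value) pairs.
SAMPLE = [
    ("msg-1", r"C:\Windows\Media\reminder.wav"),
    ("msg-2", r"\\fs01.corp.example\sounds\ding.wav"),
    ("msg-3", r"\\203.0.113.7\share\a.wav"),
    ("msg-4", r"\\files.example.net@SSL@443\x\a.wav"),
    ("msg-5", r"\\10.1.2.3\share\a.wav"),
    ("msg-6", r"\\?\UNC\198.51.100.9\s\a.wav"),
]

if __name__ == "__main__":
    for msg_id, host in triage(SAMPLE):
        print(f"{msg_id}: UNC path to external host {host}")
```

A finding here is a lead for review, not proof of compromise; pairing it with egress logs for outbound TCP 445 to the same host strengthens the signal.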
Source: BleepingComputer