CVE-2023-23397 - Microsoft Office Outlook Privilege Escalation Vulnerability
Project:Microsoft
Product:Office
Date Added:2023-03-14Due Date:2023-04-04
Vulnerability Name
Microsoft Office Outlook Privilege Escalation Vulnerability
Description
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/,
https://nvd.nist.gov/vuln/detail/CVE-2023-23397
Related News Articles
BadPilot network hacking campaign fuels Russian SandWorm attacksFebruary 13, 2025
Microsoft: Russia's Sandworm APT Exploits Edge Bugs GloballyFebruary 13, 2025
Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ CountriesFebruary 13, 2025