CVE-2023-35311 - Microsoft Outlook Security Feature Bypass Vulnerability

Microsoft | Outlook

• Date Added:
• 2023-07-11

• Due Date:
• 2023-08-01

Vulnerability Name

Microsoft Outlook Security Feature Bypass Vulnerability

Description

Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35311; https://nvd.nist.gov/vuln/detail/CVE-2023-35311

Latest Security News

Credential Theft Becomes Cybercriminals' Favorite Target

Ferret Malware Added to 'Contagious Interview' Campaign

Zyxel won’t patch newly exploited flaws in end-of-life routers

Google Play, Apple App Store apps caught stealing crypto wallets

Cybercriminals Court Traitorous Insiders via Ransom Notes

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Cyber agencies share security guidance for network edge devices

Chinese cyberspies use new SSH backdoor in network device hacks

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Top CVE List

CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2015-6175 Microsoft Windows Kernel Privilege Escalation Vulnerability

CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2012-5076 Oracle Java SE Sandbox Bypass Vulnerability

Common CWEs

CWE-1123 Excessive Use of Self-Modifying Code

LowCWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CWE-220 Storage of File With Sensitive Data Under FTP Root

CWE-1048 Invokable Control Element with Large Number of Outward Calls

HighCWE-416 Use After Free

MediumCWE-777 Regular Expression without Anchors

HighCWE-378 Creation of Temporary File With Insecure Permissions

CWE-143 Improper Neutralization of Record Delimiters

CWE-206 Observable Internal Behavioral Discrepancy

CWE-1068 Inconsistency Between Implementation and Documented Design