

“Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages,” Microsoft pointed out. The flaw affects all supported versions of Microsoft Outlook for Windows, but not Outlook for Mac, iOS or Android, or Outlook on the web.

“CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user interaction is required,” Microsoft explained. “The connection to the remote SMB server sends the user’s NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication.”

Satnam Narang, senior staff research engineer at Tenable, notes that Outlook vulnerabilities are often triggerable by the Preview Pane functionality, but not this one.

“This is because the vulnerability is triggered on the email server side, meaning exploitation would occur before a victim views the malicious email,” he told Help Net Security.
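For defenders triaging mailboxes, the check below flags message properties whose value is a UNC path and marks whether the host lies outside the organisation. It is an added example, not code from Microsoft or from this article; it assumes message properties have already been exported as name/value pairs, and the internal suffix, hosts, ids and property names in the sample are constructed.

```python
import ipaddress
import re

# Assumption: the organisation's own file servers live under these DNS suffixes.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# \\host\share, \\?\UNC\host\share, and WebDAV-style \\host@SSL@443\share
UNC_RE = re.compile(r"^\\\\(?:\?\\UNC\\)?([^\\@]+)(?:@[^\\]*)?\\", re.I)

def unc_host(value):
    """Return the lower-cased host if value is a UNC path, else None."""
    m = UNC_RE.match(value.strip().replace("/", "\\"))
    return m.group(1).lower() if m else None

def is_external(host):
    """True when the host is outside the address ranges and suffixes above."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Single-label names resolve inside the LAN; FQDNs must match a suffix.
        return "." in host and not host.endswith(INTERNAL_SUFFIXES)
    return not any(ip in net for net in INTERNAL_NETS)

def triage(messages):
    """Return (message id, property, host, external?) for every UNC-valued property."""
    findings = []
    for msg in messages:
        for name, value in msg["props"].items():
            host = unc_host(value) if isinstance(value, str) else None
            if host:
                findings.append((msg["id"], name, host, is_external(host)))
    return findings

# Constructed sample export; ids, property values and hosts are made up.
SAMPLE = [
    {"id": "m1", "props": {"PidLidReminderFileParameter": r"\\203.0.113.10\share\a.wav"}},
    {"id": "m2", "props": {"PidLidReminderFileParameter": r"\\fs01.corp.example\sounds\ding.wav"}},
    {"id": "m3", "props": {"PidLidReminderFileParameter": "reminder.wav", "Subject": "Standup"}},
    {"id": "m4", "props": {"PidLidReminderFileParameter": r"\\files.example.net@SSL@443\x\y.wav"}},
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Rows marked external are the ones to review first; a UNC path to an internal file server can be legitimate.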
It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 76 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors.
