Critical Vulnerability in Microsoft Outlook for Windows

Published on 16 Mar 2023

Microsoft has released security updates to address a critical vulnerability in Microsoft Outlook for Windows (CVE-2023-23397). The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of this privilege escalation vulnerability could allow an attacker to remotely steal New Technology LAN Manager (NTLM) credentials by sending a malicious email. User interaction is not required to exploit this vulnerability. Stolen NTLM credentials may subsequently be used by the attacker to authenticate to other systems in the network that support NTLM authentication. This vulnerability is reportedly being actively exploited.

The vulnerability affects all versions of Microsoft Outlook for Windows.

Users and administrators of affected products are advised to apply the relevant security patches immediately.

To help determine whether your organisation was targeted by attackers attempting to exploit this vulnerability, Microsoft has provided documentation and a script at https://aka.ms/CVE-2023-23397ScriptDoc.

In the event you discover attempts to exploit this vulnerability, please consider sharing the information with SingCERT at https://www.csa.gov.sg/reporting.

More information is available here:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397
https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23397
https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/