Microsoft Outlook Elevation of Privilege Vulnerability

Impact: Elevation of Privilege

Max Severity: Critical

CVE-2023-23397 is an elevation of privilege vulnerability in Microsoft Outlook for Windows that was assigned a CVSSv3 score of 9.8 and was exploited in the wild. An attacker exploits it by sending a specially crafted email to a user running a vulnerable version of Outlook. When the Outlook client retrieves and processes the message, it is made to open a connection to an attacker-controlled SMB server, leaking the Net-NTLMv2 hash of the email recipient. The attacker can use this hash to authenticate as the recipient in an NTLM relay attack against other services. Microsoft notes that the trigger fires before the email is viewed in the Preview Pane, so no interaction from the recipient is needed for a successful attack. Outlook for Android, iOS and Mac, and Outlook on the web, are not affected. Applying the Office update is the fix; the interim mitigations Microsoft published are adding users to the Protected Users security group (which prevents NTLM being used to authenticate them) and blocking outbound TCP 445/SMB from the network.

The discovery of this vulnerability is credited to the Computer Emergency Response Team of Ukraine (CERT-UA) and Microsoft research teams.

Please ask your users to check whether their PCs are waiting for a restart to finish installing Windows updates. This is generally shown as a notification in the bottom right-hand corner near the system clock, or can be seen by right-clicking the Windows icon and choosing Update and restart if that option is offered.

Regarding the Office updates, please could your users:

1. Open MS Word
2. Click on Account (bottom left)
3. Check the version in the About Word section (right-hand side, middle)
4. If the version is at or above the build listed below for their edition, they are protected. (Word and Outlook in a Click-to-Run install share one build, so Word's About page is a valid check for Outlook.)

Office 2021 Retail: Version 2302 (Build 16130.20306)
Office 2019 Retail: Version 2302 (Build 16130.20306)
Office 2016 Retail: Version 2302 (Build 16130.20306)
Microsoft 365 Apps: Version 2302 (Build 16130.20306)

Recommended: on the same Account page the user can click Update Options and then Update Now to receive the latest update immediately rather than waiting for the automatic update.
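For administrators who would rather run both checks above from a command line than ask each user, the following PowerShell script is an added example and is not part of the original notice. It assumes Office is a Click-to-Run install (retail or Microsoft 365 Apps, which is what the build numbers above apply to) and that the minimum build is 16.0.16130.20306 as listed above; the registry locations it reads are the standard ones Windows uses to flag a pending restart and Office Click-to-Run uses to record the build shown on the Account page.

```powershell
# Added example (not from the original notice): checks one Windows PC for
# (a) a pending restart from Windows Update and (b) whether the installed
# Click-to-Run Office build is at or above the fixed build for CVE-2023-23397.
# Assumption: the minimum build is the one listed in the notice (Version 2302,
# Build 16130.20306). Other Office channels (e.g. LTSC / volume) have different
# fixed builds; take those from Microsoft's advisory and pass them via -Minimum.

$MinimumOfficeBuild = [version]'16.0.16130.20306'

function Test-PendingReboot {
    # Windows creates these keys when a restart is outstanding after an update.
    $signals = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    )
    foreach ($path in $signals) {
        if (Test-Path -Path $path) { return $true }
    }
    # Files replaced by an update that are still in use are renamed at next boot.
    $sm = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
    if ($sm -and $sm.PendingFileRenameOperations) { return $true }
    return $false
}

function Get-OfficeClickToRunVersion {
    # VersionToReport is the build that Word/Outlook display under File > Account.
    $cfg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration' -ErrorAction SilentlyContinue
    if (-not $cfg -or -not $cfg.VersionToReport) { return $null }
    return [version]$cfg.VersionToReport
}

function Test-OfficePatched {
    param([version]$Minimum = $MinimumOfficeBuild)
    $installed = Get-OfficeClickToRunVersion
    if ($null -eq $installed) {
        # No Click-to-Run configuration: either Office is not installed or it is an
        # MSI install, which is serviced through Windows Update instead.
        return [pscustomobject]@{ Installed = $null; Patched = $false; Note = 'No Click-to-Run Office found' }
    }
    return [pscustomobject]@{
        Installed = $installed.ToString()
        Patched   = ($installed -ge $Minimum)
        Note      = "Minimum build is $Minimum"
    }
}

$office = Test-OfficePatched
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    RebootPending = Test-PendingReboot
    OfficeVersion = $office.Installed
    OfficePatched = $office.Patched
    Note          = $office.Note
} | Format-List
```

The registry values are readable by a standard user, so the script does not need elevation; to run it across a fleet, wrap it in Invoke-Command against a list of computers and collect the objects it emits. A machine reporting OfficePatched = False should be sent through the Update Options > Update Now step, and one reporting RebootPending = True still needs its restart before the Windows updates are fully in effect.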