The exploit for this vulnerability is triggered when an attacker sends a specially crafted email using an extended MAPI ( Microsoft Outlook Messaging Application Programming Interface) property containing the UNC (Universal Naming Convention) path of an attacker-controlled SMB (Server Message Block) share (running on TCP port 445). This vulnerability, according to Microsoft, has been used in attacks to target and breach the networks of fewer than 15 Russian and EU government, military, energy, and transportation organizations between mid-April and December 2022. This was originally identified in cooperation with CERT-UA (the Computer Emergency Response Team for Ukraine). The vulnerability identified by CVE-2023-23397, has been patched by Microsoft on 14 March, 2022 with it’s Patch Tuesday releases. This vulnerability is being highlighted due to the ease of its exploit and wide usage of Outlook and Office.
In this instance, this increased privilege could allow an attacker to obtain the victim’s password hash. This means that when the vulnerability is exploited the application gains rights or privileges that should not normally be available to it. This vulnerability is an elevation-of-privilege (EoP) vulnerability in Microsoft Outlook.
Microsoft disclosed a Microsoft Outlook Vulnerability (an RCE – remote code execution) titled “Microsoft Outlook Elevation of Privilege Vulnerability” and designated as CVE-2023-23397 with its patch Tuesday release (March 14th 2023). Bill Niester Ma9 min read Security Posture Summary:
0 kommentar(er)
