Elevation of privilege vulnerability in Microsoft Outlook

The vulnerability allows a remote attacker to compromise the affected system and exists because the application leaks the Net-NTLMv2 hash. A remote attacker can send a specially crafted email to the victim and obtain the Net-NTLMv2 hash of the Windows account. The victim does not need to open the email, as the vulnerability is automatically triggered when the email server retrieves and processes it, for example, before the email is viewed in the preview pane.

The obtained Net-NTLMv2 hash can be used in an NTLM relay attack against another service to authenticate as the user.

Note that the vulnerability is being actively exploited.

Vulnerable versions:

  • Microsoft Outlook: 2013 - 2021
  • Microsoft Office: 365 - 2021

CVE:

CVE-2023-23397

Mitigation:

Add users to the Protected Users security group, which prevents the use of NTLM as an authentication mechanism. Performing this mitigation makes it easier to troubleshoot other methods of disabling NTLM. When possible, consider using it for high-value accounts, such as domain administrators.

This may affect applications that require NTLM; however, the setting will revert once the user leaves the Protected Users group.

Block outbound TCP 445/SMB from your network using a perimeter firewall, local firewall and VPN configuration. This will prevent NTLM authentication messages from being sent to remote file shares.
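
A check for the egress block described above, as an added example that is not part of the original advisory: it scans a Windows Defender Firewall log for outbound TCP 445 connections to addresses outside the internal ranges. The log sample, the internal ranges and the function names are assumptions made for illustration, and firewall logging of allowed and dropped connections is assumed to be enabled.

```python
import ipaddress

# Assumption: these ranges stand in for "your network"; adjust to your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample in pfirewall.log format; all addresses are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-03-15 09:12:01 ALLOW TCP 10.0.5.23 10.0.1.10 50112 445 0 - 0 0 0 - - - SEND
2023-03-15 09:12:07 ALLOW TCP 10.0.5.23 203.0.113.45 50113 445 0 - 0 0 0 - - - SEND
2023-03-15 09:12:09 DROP TCP 10.0.5.23 198.51.100.7 50114 445 0 - 0 0 0 - - - SEND
2023-03-15 09:12:11 ALLOW TCP 10.0.5.23 203.0.113.45 50115 443 0 - 0 0 0 - - - SEND
2023-03-15 09:12:15 ALLOW TCP 203.0.113.9 10.0.5.23 40000 445 0 - 0 0 0 - - - RECEIVE
"""

def external_smb(log_text, internal_nets=INTERNAL_NETS):
    """Return outbound TCP/445 records whose destination is outside internal_nets."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log header
            continue
        if not fields or not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("protocol") != "TCP" or rec.get("dst-port") != "445":
            continue
        if rec.get("path", "SEND") != "SEND":  # ignore inbound traffic
            continue
        try:
            dst = ipaddress.ip_address(rec.get("dst-ip", ""))
        except ValueError:
            continue                           # skip malformed records
        if not any(dst in net for net in internal_nets):
            hits.append({k: rec.get(k) for k in ("date", "time", "action", "src-ip", "dst-ip")})
    return hits

def split_by_action(hits):
    """ALLOW means the egress block is missing; DROP means it worked but a host tried."""
    allowed = [h for h in hits if h["action"] == "ALLOW"]
    blocked = [h for h in hits if h["action"] == "DROP"]
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = split_by_action(external_smb(SAMPLE_LOG))
    for h in allowed:
        print("ALLOWED outbound SMB:", h["src-ip"], "->", h["dst-ip"], h["date"], h["time"])
    for h in blocked:
        print("blocked outbound SMB attempt:", h["src-ip"], "->", h["dst-ip"])
```

An ALLOW record means a host on that path still reaches external SMB and the block is not in effect there; a DROP record means the rule held, and the source host is worth reviewing for the message that triggered the connection.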

If you have a service contract with Anida with which you can manage this vulnerability, do not hesitate to contact your Service Manager.
