No-interaction zero-day vulnerability exploited in the wild
CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook. It is a zero-touch exploit, meaning the security flaw requires no user interaction to be abused. All supported versions of Microsoft Outlook for Windows are affected, including other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web.
Background
CVE-2023-23397 is a critical privilege elevation/authentication bypass vulnerability in Outlook, for which a fix was released as part of the March Patch Tuesday set of fixes. Threat actors are exploiting this vulnerability by sending a malicious email which, as noted above, does not need to be opened. From there, attackers may capture Net-NTLMv2 hashes, which are used for authentication in Windows environments. This allows threat actors to potentially authenticate as the victim and escalate privileges, or further compromise the environment.
Latest Development
March 14, 2023: Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
March 24, 2023: Microsoft released guidance for investigating attacks using CVE-2023-23397
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
FortiGuard Labs recommends that users follow vendor guidelines for patching affected versions of Outlook. Microsoft has also provided a PowerShell script designed to scan emails, calendar entries, and task items, and to verify whether they carry the malicious property: https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md
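The detection idea behind Microsoft's script, shown here as an added example that is not the Microsoft script and not FortiGuard code: walk mail, calendar and task items and flag any whose reminder sound path is a UNC path, because that is what makes Outlook reach out to a remote SMB host and leak the Net-NTLMv2 hash. The property name PidLidReminderFileParameter and the item dumps below are assumptions for this example (the page does not name the property; the sample items are constructed, using documentation-reserved addresses). The example goes slightly beyond the simplest case by also recognising the forward-slash and \\?\UNC\ spellings of a UNC path while ignoring local device paths such as \\.\.

```python
import ipaddress
import re

# Extended MAPI property that holds the path of a custom reminder sound.
# ASSUMPTION: the FortiGuard page does not name the property; this is the one
# Microsoft's public CVE-2023-23397 guidance describes.
REMINDER_FILE_PROPERTY = "PidLidReminderFileParameter"

# UNC spellings that make Windows resolve a remote host over SMB:
#   \\host\share\file.wav   //host/share/file.wav   \\?\UNC\host\share\file.wav
_UNC_PATTERNS = (
    re.compile(r"^\\\\\?\\UNC\\([^\\/]+)[\\/]", re.IGNORECASE),
    re.compile(r"^[\\/]{2}([^\\/?]+)[\\/]"),
)


def unc_host(path):
    """Return the remote host named by a UNC path, or None for local or empty paths."""
    if not path:
        return None
    path = path.strip()
    for pattern in _UNC_PATTERNS:
        match = pattern.match(path)
        if match:
            host = match.group(1)
            # "\\.\" is the local device namespace (e.g. \\.\C:), not a network host
            if host == ".":
                return None
            return host
    return None


def is_ip_literal(host):
    """True if the host part is an IPv4/IPv6 literal (useful when building IOC lists)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def scan_items(items):
    """Flag mail, calendar and task items whose reminder sound path points at a remote host.

    Each item is a dict with 'subject', 'item_class' and a 'properties' map of
    MAPI property name -> value, as a minimal mailbox dump might provide.
    """
    findings = []
    for item in items:
        path = item.get("properties", {}).get(REMINDER_FILE_PROPERTY)
        host = unc_host(path)
        if host is None:
            continue  # no reminder sound, or a local file: not the CVE-2023-23397 pattern
        findings.append({
            "subject": item.get("subject", ""),
            "item_class": item.get("item_class", ""),
            "path": path,
            "host": host,
            "host_is_ip": is_ip_literal(host),
        })
    return findings


# Constructed sample items (not real data) covering the three item types the
# Microsoft script scans: an appointment with a harmless local sound, a plain
# mail without the property, and a mail and a task pointing at remote hosts.
SAMPLE_ITEMS = [
    {"subject": "Team lunch", "item_class": "IPM.Appointment",
     "properties": {REMINDER_FILE_PROPERTY: r"C:\Windows\Media\notify.wav"}},
    {"subject": "Quarterly report", "item_class": "IPM.Note", "properties": {}},
    {"subject": "Invoice overdue", "item_class": "IPM.Note",
     "properties": {REMINDER_FILE_PROPERTY: r"\\203.0.113.7\share\reminder.wav"}},
    {"subject": "Renew certificate", "item_class": "IPM.Task",
     "properties": {REMINDER_FILE_PROPERTY: r"\\?\UNC\files.example.net\audio\alert.wav"}},
]

if __name__ == "__main__":
    for f in scan_items(SAMPLE_ITEMS):
        kind = "IP literal" if f["host_is_ip"] else "hostname"
        print(f"{f['item_class']:<16} {f['subject']!r}: reminder path -> {f['host']} ({kind})")
```

Any hit is worth treating as an incident indicator rather than a curiosity: a legitimate reminder sound is a local file, so a remote host in this property has no normal business use, and the host value can be fed straight into firewall logs to check whether outbound SMB to it actually occurred.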
FortiGuard Cybersecurity Framework
- AV
- Vulnerability
- AV (Pre-filter)
- Behavior Detection
- Anti-spam
- IPS
- IOC
- Outbreak Detection
- Threat Hunting
- Content Update
- Assisted Response Services
- Automated Response
- InfoSec Services
- Attack Surface Monitoring (Inside & Outside)