Microsoft Outlook Elevation of Privilege Vulnerability
Severity: High
Platform: MS Outlook
Vendor: Microsoft
Vulnerability Type: No-interaction, zero-day vulnerability exploited in the wild
CVE-2023-23397 is a critical elevation of privilege (EoP) vulnerability in Microsoft Outlook for Windows. It is a zero-touch exploit: the flaw is triggered when the Outlook client processes a specially crafted message, so the recipient does not have to open or preview it. All supported versions of Microsoft Outlook for Windows are affected. Outlook for Android, iOS and Mac and Outlook on the web are not affected, because those clients do not use NTLM authentication.
Background
CVE-2023-23397 is a critical privilege elevation/authentication bypass vulnerability in Outlook, fixed as part of the March 2023 Patch Tuesday set of updates. Threat actors exploit it by sending a crafted message (email, calendar invite or task) whose reminder carries an extended MAPI property, PidLidReminderFileParameter, pointing to a UNC path on an attacker-controlled server; the message does not need to be opened. When Outlook processes the reminder it connects to that path and authenticates with NTLM, so the attacker captures the user's Net-NTLMv2 response. That response can be relayed to other services that accept NTLM, or cracked offline to recover the password, which lets the attacker authenticate as the user, escalate privileges, or compromise the environment further.
Threat Radar Overall Score: 4.0

| Metric | Value |
| --- | --- |
| CVSS Rating | 9.0 |
| FortiRecon Score | 96/100 |
| Known Exploited | Yes |
| Exploit Prediction Score | 92.64% |
| FortiGuard Telemetry | 10 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
March 14, 2023: Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
March 24, 2023: Microsoft released guidance for investigating attacks using CVE-2023-23397
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
FortiGuard Labs recommends that users follow the vendor guidance and patch affected versions of Outlook. Microsoft has also provided a PowerShell script that scans messages, calendar entries and task items and reports any in which the PidLidReminderFileParameter property, the property the exploit abuses, is populated with a UNC path: https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Security/CVE-2023-23397.md. For environments that cannot patch immediately, Microsoft's interim mitigations are to add users to the Protected Users security group, which prevents NTLM authentication, and to block outbound TCP 445/SMB at the perimeter, local firewall and VPN.
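The check the Microsoft script performs, and the mechanism described under Background, can be reproduced offline on property values that have already been pulled out of a mailbox. The following is an added example, not the page's or Microsoft's code: it assumes other tooling has extracted the PidLidReminderFileParameter value from each item and hands them over as (item id, value) pairs; the trusted file-server suffix, the item ids and the sample values are all constructed for the example. It goes a little beyond the script's check by normalising extended-length `\\?\UNC\` prefixes, `file://` URIs and WebDAV-style `host@SSL@port` suffixes, so a path that Windows would fetch over WebDAV when SMB is blocked is still flagged.

```python
"""Triage of Outlook reminder-sound paths (PidLidReminderFileParameter) for
CVE-2023-23397.

Added example, not the page's or Microsoft's code. It assumes another tool has
already extracted the property value from each mail, calendar or task item and
only decides whether that value would make Outlook authenticate to a remote host.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Hostname suffixes of file servers that may legitimately host reminder sounds.
# Constructed for the example; a deployment supplies its own list.
TRUSTED_SUFFIXES = (".corp.example",)

# Matches \\host\share, //host/share and the long form \\?\UNC\host\share.
UNC_RE = re.compile(r"^[\\/]{2}(?:\?[\\/]UNC[\\/])?([^\\/]+)(?:[\\/]|$)", re.IGNORECASE)


@dataclass
class Finding:
    item_id: str
    verdict: str            # "empty", "benign" or "suspicious"
    host: Optional[str]
    reason: str


def _normalise_host(host: str) -> Optional[str]:
    """Strip a WebDAV-style @SSL/@port suffix and drop pseudo-hosts that never
    leave the machine ("." for device paths, "?" for extended-length paths)."""
    host = host.split("@", 1)[0].strip().lower()
    if host in ("", ".", "?", "localhost"):
        return None
    return host


def extract_host(value: str) -> Optional[str]:
    """Return the remote host a reminder path would contact, or None when the
    path is local (drive letter, bare filename, device path)."""
    v = value.strip()
    if v.lower().startswith("file:"):
        parsed = urlparse(v)
        host = parsed.hostname or ""
        if not host and parsed.path.startswith("//"):
            # file:////host/share keeps the host in the path component
            host = parsed.path.lstrip("/").split("/", 1)[0]
        return _normalise_host(host)
    m = UNC_RE.match(v)
    return _normalise_host(m.group(1)) if m else None


def classify(item_id: str, value: Optional[str]) -> Finding:
    """Decide whether one property value is an indicator for CVE-2023-23397."""
    if not value or not value.strip():
        return Finding(item_id, "empty", None, "property not set")
    host = extract_host(value)
    if host is None:
        return Finding(item_id, "benign", None, "local path, no network authentication")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.is_loopback:
            return Finding(item_id, "benign", host, "loopback address")
        return Finding(item_id, "suspicious", host, "UNC path to an IP literal; Outlook will send NTLM to it")
    if host.endswith(TRUSTED_SUFFIXES):
        return Finding(item_id, "benign", host, "trusted file server")
    return Finding(item_id, "suspicious", host, "UNC path to an untrusted host; Outlook will send NTLM to it")


def triage(items: List[Tuple[str, Optional[str]]]) -> List[Finding]:
    """Classify every (item id, property value) pair."""
    return [classify(item_id, value) for item_id, value in items]


# Constructed sample: (item id, PidLidReminderFileParameter value).
SAMPLE_ITEMS = [
    ("item-0001", r"C:\Windows\Media\Alarm01.wav"),
    ("item-0002", r"\\fs01.corp.example\sounds\ding.wav"),
    ("item-0003", r"\\203.0.113.10\share\reminder.wav"),
    ("item-0004", r"\\?\UNC\attacker.example\s\r.wav"),
    ("item-0005", r"\\attacker.example@80\DavWWWRoot\r.wav"),
    ("item-0006", None),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ITEMS):
        print(f"{f.item_id}: {f.verdict:<10} host={f.host!s:<20} {f.reason}")
```

Run it as a script to print the verdicts for the constructed sample. The allowlist is the only policy decision in it: Microsoft's script flags every populated UNC path, which is the right default during an incident, and the suffix list here only spares known file servers from manual review. Blocking outbound TCP 445 does not close the WebDAV route over 80/443, which is why the `host@80` and `host@SSL@443` forms are normalised and flagged like any other remote host.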
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV: Detects and blocks known malware payloads related to CVE-2023-23397
- Vulnerability: Detects vulnerable instances of Microsoft Outlook (CVE-2023-23397)
- AV (Pre-filter): Detects and blocks known malware payloads related to CVE-2023-23397
- Behavior Detection: Behavior Detection Engine detects unknown and 0-day threats
- Anti-spam: Detects and filters spam from mailboxes
- IPS: Detects and blocks attack attempts related to CVE-2023-23397
- IOC
- Outbreak Detection
- Threat Hunting
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
- Automated Response: Services that can automatically respond to this outbreak.
- FortiClient Forensics
- InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
- Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal and external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.