Exploitation of this vulnerability can take place before the email is viewed in the Preview Pane. This will leak the Net-NTLMv2 hash of the victim to the attacker who can then relay this to another service and authenticate as the victim.Īnother piece of useful information is that the Outlook Preview Pane is not an attack vector. Microsoft mentions the following about the exploitation process:Įxternal attackers could send specially crafted emails that will cause a connection from the victim to an external UNC location of attackers' control. CVE-2023-23397 has already been exploited, so it is important to update as soon as possible as. The most pressing vulnerability this month is one in Microsoft Outlook. ⚡ TL DR | Go Straight to the March 2023 Patch Tuesday Audit Report Microsoft Outlook Elevation of Privilege Vulnerability We've listed the most important changes below. The March 2023 edition of Patch Tuesday brings us 80 fixes, with 9 rated as critical.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |