The Latest ‘Critical’ Microsoft Outlook Vulnerability: 5 Things To Know
Security researchers say the vulnerability is unusually dangerous and should be prioritized for patching.
Newly discovered vulnerabilities in software may be a daily occurrence, but some are a bigger problem than others. And by all indications, the zero-day vulnerability in Outlook that Microsoft disclosed earlier this week is a problematic one.
Security researchers say the privilege-elevation vulnerability in Outlook should be prioritized for patching, since the flaw is considered easy to exploit and is, in fact, being actively exploited. “We strongly recommend all customers update Microsoft Outlook for Windows to remain secure,” Microsoft said in a post Tuesday.
However, there’s evidence that even with the patch deployed, the critical-severity vulnerability can still be exploited under certain conditions. Microsoft acknowledged the possibility in a statement to CRN Friday, but noted that the technique for doing so, described by multiple security researchers, “requires an attacker to already have gained access to internal networks.”
The Outlook vulnerability was disclosed by Microsoft on Tuesday and is tracked at CVE-2023-23397. The company reiterated its call for organizations to patch the vulnerability in its statement Friday.
What follows are five things you need to know on the latest critical vulnerability in Microsoft Outlook.
Why It’s A Big Concern
The privilege-elevation vulnerability in Outlook has prompted calls for immediate patching on account of its unique qualities. Namely: “Unlike other exploits we’ve seen in the past, this exploit is particularly dangerous because no user interaction is required to trigger the exploit,” wrote John Hammond, senior security researcher at Huntress, in a blog post Friday. “Once an infected email arrives in a Microsoft Outlook inbox, sensitive credential hashes can be obtained.”
After the threat actor sends the malicious email, they’re able to capture what are known as Net-NTLMv2 hashes, a type of credential that can provide the attacker with authentication within Windows environments, Hammond said. “This allows threat actors to potentially authenticate themselves as the victims, escalate privileges, or further compromise the environment.”