Updates and Exchange test script available

I had already pointed out the CVE-2023-23397 vulnerability in Microsoft Outlook, which is classified as critical, in the blog post Microsoft Security Update Summary (March 14, 2023). It is an elevation of privilege (EoP) vulnerability that has received a CVSSv3 score of 9.8, which means it is rated extremely critical.

Attackers can send a malicious email to a vulnerable version of Outlook. When the email is read from the server and processed by the client, a connection can be established to an attacker-controlled device to sniff the email recipient's Net-NTLMv2 hash. The attacker can use that hash to authenticate as the victim (the recipient) in an NTLM relay attack, Microsoft says. Microsoft notes in its documents that this vulnerability can be exploited before the email is displayed in the preview window. Thus, a successful attack does not require any interaction from the recipient.
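A defensive check for the connection described above, as an added example (not from the original post, and not the Microsoft Exchange test script it mentions): it flags internal clients that opened SMB (TCP 445) connections to non-internal addresses, the transport Microsoft's guidance for CVE-2023-23397 recommends blocking outbound. The log format, field order, internal ranges and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample firewall log (assumed format):
# "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2023-03-15T09:12:01Z 10.1.4.23 10.1.0.5 445 ALLOW
2023-03-15T09:12:07Z 10.1.4.23 203.0.113.77 445 ALLOW
2023-03-15T09:13:44Z 10.1.7.90 198.51.100.12 443 ALLOW
2023-03-15T09:14:02Z 10.1.7.90 198.51.100.12 445 DENY
this line is malformed
2023-03-15T09:15:30Z 192.168.8.14 192.0.2.200 445 ALLOW
"""

SMB_PORT = 445
# Assumption: the organisation's internal space is the RFC 1918 ranges.
# Listed explicitly because ipaddress.is_private also covers documentation
# ranges and would hide the sample "external" hosts used here.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_external_smb(log_text):
    """Return internal-to-external SMB connections found in the log text."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the scan
        ts, src, dst, port, action = parts
        try:
            if int(port) != SMB_PORT or not is_internal(src) or is_internal(dst):
                continue
        except ValueError:
            continue  # unparsable port or IP address
        findings.append({"time": ts, "client": src, "remote": dst,
                         "blocked": action == "DENY"})
    return findings


if __name__ == "__main__":
    for f in find_external_smb(SAMPLE_LOG):
        state = "blocked" if f["blocked"] else "ALLOWED"
        print(f'{f["time"]} {f["client"]} -> {f["remote"]}:445 {state}')
```

Connections reported as allowed are the ones to triage first, since a completed outbound SMB session is where the client would have sent its NTLM negotiation.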