Critical security vulnerability - Microsoft Outlook

Microsoft has announced the discovery of a security vulnerability affecting various versions of Outlook for Windows. The exploitation of this vulnerability allows a malicious person to steal the victim's NTLM credentials.

This vulnerability, tracked as CVE-2023-23397, has a score of 9.8 (CRITICAL). The attack complexity is LOW, which means that the vulnerability can be exploited by someone with little cybersecurity skill.

The exploitation of the vulnerability does not require user intervention.

Affected Outlook versions

  • Microsoft Outlook 2013 RT Service Pack 1
  • Microsoft Outlook 2013 Service Pack 1
  • Microsoft Outlook 2016
  • Microsoft Office 2019
  • Microsoft Office LTSC 2021
  • Microsoft 365 Apps for Business

How to know if you've been attacked

Streamscan makes this additional recommendation:

  • Check your firewall logs to identify outgoing communications on port 445/SMB. If there are any, you may have been the victim of the exploitation of this vulnerability. In such a case, you should switch to incident response mode and isolate the machines that initiated the outgoing communications on port 445/SMB.
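
One way to run this firewall-log check, as an added example that is not Streamscan's own tooling. It assumes a key=value log format with `src`, `dst`, `proto`, `dport` and `action` fields and RFC 1918 internal ranges; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: your internal ranges; replace with the networks you actually use.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines in an assumed key=value firewall log format.
SAMPLE_LOG = """\
2023-03-16T09:12:01Z src=10.0.4.21 dst=203.0.113.50 proto=TCP dport=445 action=allow
2023-03-16T09:12:03Z src=10.0.4.21 dst=10.0.1.10 proto=TCP dport=445 action=allow
2023-03-16T09:13:40Z src=10.0.7.8 dst=198.51.100.9 proto=TCP dport=443 action=allow
2023-03-16T09:15:22Z src=192.168.1.33 dst=198.51.100.77 proto=TCP dport=445 action=deny
2023-03-16T09:15:59Z src=10.0.4.21 dst=203.0.113.50 proto=TCP dport=445 action=allow
malformed line without fields
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def outbound_smb(log_text):
    """Map each internal source to the external hosts it contacted on TCP/445,
    split by whether the firewall allowed or denied the connection."""
    hits = defaultdict(lambda: {"allow": set(), "deny": set()})
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        try:
            if f["proto"].upper() != "TCP" or int(f["dport"]) != 445:
                continue
            if is_internal(f["src"]) and not is_internal(f["dst"]):
                # Any action other than "allow" is counted as denied.
                verdict = "allow" if f["action"].lower() == "allow" else "deny"
                hits[f["src"]][verdict].add(f["dst"])
        except (KeyError, ValueError):
            continue  # line lacks a field or holds an unparsable value
    return {src: {k: sorted(v) for k, v in d.items()} for src, d in hits.items()}

def initiators(log_text):
    """Internal machines that initiated outbound SMB: isolation candidates."""
    return sorted(outbound_smb(log_text))

if __name__ == "__main__":
    for src, seen in outbound_smb(SAMPLE_LOG).items():
        print(src, "allowed:", seen["allow"], "denied:", seen["deny"])
```

An allowed entry means the SMB connection left the network, while a denied entry still identifies a machine that initiated one.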

Recommendations

  • Block in your firewall the outgoing TCP 445/SMB communications from your network.
  • Restrict the use of NTLM.

Considerations on the vulnerabilities with a score of 9.8 (critical)

The CRITICAL score of the vulnerability means that:

  • The vulnerability can be exploited remotely.
  • The vulnerability can be easily exploited.
  • No authentication is required to exploit the vulnerability.
  • The attacker does not need to know the password of the attacked server.
  • The impact is HIGH.

It is therefore urgent to fix this vulnerability.

What we have done for existing Streamscan MDR customers

  • We have added patterns to our CDS technology to detect suspicious behavior related to attempts to exploit this vulnerability. We will be alerted if a malicious person tries to exploit this vulnerability in your network.
  • We maintain our level of vigilance when monitoring your network.
  • We are available to help you fix this vulnerability in your network.

How can Streamscan help you?

Cyber attacks are exploding all the time. Without continuous security monitoring, you are completely blind to the attacks targeting you. You can't defend against what you can't see.

Let us put our eyes on your network. Join our MDR managed monitoring platform powered by our CDS cyber threat detection technology and keep yourself safe from cyberattacks.

Contact us at +1 877 208-9040 or talk to one of our experts.