Service Bulletin

Please share the following with your technical teams.

Information Security has noticed a recent Microsoft Outlook zero-day vulnerability exploited in the wild (CVE-2023-23397) which allows remote attackers to steal hashed passwords.

Severity level 

CVSS Score: 9.8/ Critical

Description

An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user. No user interaction is needed as exploitation occurs when Outlook is open and the reminder is triggered on the system.

Affected Versions
All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook, including Android, iOS, Mac, and Outlook on the web, as well as other M365 services, are not affected.

Impact

Attacker can use the hash to authenticate the user services.

Resolution

Appy the patches for March 2023 monthly rollup immediately.

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

https://www.cyber.gc.ca/en/alerts-advisories/microsoft-outlook-zero-day-vulnerability-allowing-ntlm-credential-theft

https://www.cyber.gc.ca/en/alerts-advisories/microsoft-outlook-zero-day-vulnerability-allowing-ntlm-credential-theft

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2023-patch-tuesday-fixes-2-zero-days-83-flaws/

https://blog.talosintelligence.com/microsoft-patch-tuesday-for-march-2023-snort-rules-and-prominent-vulnerabilities/

Contact

Client Services at askit@yorku.ca or 416 736 5800

PRIVACY POLICY | VISIT WWW.YORKU.CA
This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3

This email is viewed best in Microsoft Outlook for web