CVE Trend Report – April 2023 Vulnerability Statistics and Major Issues Posted By ahnlabti , June 9, 2023 Following the recent abuse of vulnerabilities in various malware distributions and attacks, it is becoming more crucial to detect said information early on. Zero-day and other various vulnerabilities are typically spread faster through social networks. AhnLab provides the trend of current vulnerabilities through the ATIP service based on the information collected by the in-house infrastructure. Additionally, ATIP offers information on said vulnerabilities’ characteristics and countermeasures through related News Clippings, ASEC Notes, analysis reports, security advisories, and more. This report introduces…
CVE Trend Report – March 2023 Vulnerability Statistics and Major Issues Posted By ahnlabti , May 24, 2023 Following the recent abuse of vulnerabilities in various malware distributions and attacks, it is becoming more crucial to detect said information early on. Zero-day and other various vulnerabilities are typically spread faster through social networks. AhnLab provides the trend of current vulnerabilities through the ATIP service based on the information collected by the in-house infrastructure. Additionally, ATIP offers information on said vulnerabilities’ characteristics and countermeasures through related news clippings, ASEC Notes, analysis reports, security advisories, and more. This report introduces…
Microsoft Office Outlook Vulnerability (CVE-2023-23397) Appearance and Manual Measure Guide Posted By ASEC , March 29, 2023 AhnLab Security Emergency response Center (ASEC) recently published a notice about a Microsoft Office Outlook vulnerability. CVE-2023-23397 is a vulnerability that leaks a user’s account credentials upon receiving an email and triggering a notification. The stolen information includes the ‘NTLM’ hash value, which contains the password hashing information for the logged-in account. Threat actors can exploit this information for internal propagation and further compromise of the system. The application of security patches is essential to prevent the exposure of vulnerabilities,…
Warning for Microsoft Office Outlook Privilege Escalation Vulnerability (CVE-2023-23397) Posted By gygy0101 , March 23, 2023 Overview Microsoft has discovered a vulnerability in Outlook for Windows that is being exploited to steal NTLM credentials. Microsoft has assigned the code CVE-2023-23397 to this vulnerability. The company gave it an unusually high CVSS score of 9.8, with CVSS being the evaluation score for the severity level. Vulnerability Details Outlook has a ‘Reminder’ feature which alerts users of schedules on their calendar. The following alert is also displayed when the schedule period has elapsed. Figure 1. Outlook Reminder feature The…
