outlook

Microsoft Office Outlook Vulnerability (CVE-2023-23397) Appearance and Manual Measure Guide

AhnLab Security Emergency response Center (ASEC) recently published a notice about a Microsoft Office Outlook vulnerability. CVE-2023-23397 is a vulnerability that leaks a user’s account credentials upon receiving an email and triggering a notification. The stolen information includes the ‘NTLM’ hash value, which contains the password hashing information for the logged-in account. Threat actors can exploit this information for internal propagation and further compromise of the system. The application of security patches is essential to prevent the exposure of vulnerabilities,…

Warning for Microsoft Office Outlook Privilege Escalation Vulnerability (CVE-2023-23397)

Overview

Microsoft has discovered a vulnerability in Outlook for Windows that is being exploited to steal NTLM credentials. Microsoft has assigned the code CVE-2023-23397 to this vulnerability. The company gave it an unusually high CVSS score of 9.8, with CVSS being the evaluation score for the severity level.

Vulnerability Details

Outlook has a ‘Reminder’ feature which alerts users of schedules on their calendar. The following alert is also displayed when the schedule period has elapsed.

Figure 1. Outlook Reminder feature

The…