Microsoft office 2021 vs 365
4/14/2023

A severe security flaw is currently plaguing the widely-used Microsoft Outlook/365 suite, necessitating immediate patching. The vulnerability, identified as CVE-2023-23397 with a CVSS score of 9.8, enables remote and unauthorized attackers to compromise systems simply by sending a tailored email that snatches the recipient’s credentials.

Alarmingly, the victim isn’t required to open the malicious email. According to Microsoft’s guidance on this Microsoft 365 vulnerability, the email automatically activates when the Outlook client retrieves and processes it. Consequently, exploitation can occur even before the email appears in the Preview Pane. This critical vulnerability impacts both 32-bit and 64-bit Microsoft 365 Apps for Business & Enterprise, as well as Office 2013, 2016, and 2019 (including LTSC).

The attack is initiated by a malicious email that prompts a connection from the victim to an attacker-controlled location. This action reveals the victim’s Net-NTLMv2 hash (used for authentication in Windows environments) to the attacker, who can then utilize it to access another service while impersonating the victim. In summary, the mere presence of a malicious email jeopardizes your security, making this an extremely dangerous vulnerability.

Fortunately, for our proactive support customers, including our Assurance customers, we have already taken the necessary steps to patch this vulnerability, ensuring your systems remain secure and protected against this exploit.