![]() The Computer Emergency Response Team for Ukraine (CERT-UA) reported the vulnerability to Microsoft. Such an email could lead to exploitation before the email is viewed in the Preview Pane, which allows an attacker to steal credential hashes by forcing the target’s devices to authenticate to an attacker-controlled server. ![]() On March 14, 2023, Microsoft released a security fix for an elevation-of-privilege vulnerability (CVE-2023-23397) in Microsoft Outlook.Ī specially crafted email can trigger the vulnerability automatically when it is retrieved and processed by the Outlook client. Due to the simplicity of the attack and the fact it does not require user interaction we are urging everyone to patch their systems immediately. Disclaimer: This blog contains sensitive information but since this information is publicly available and at least partially public knowledge we decided not to redact any information as it would cause this post to be irrelevant.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |