Security News > 2023 > March > Microsoft fixes Outlook zero-day used by Russian hackers since April 2022
Microsoft has patched an Outlook zero-day vulnerability exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations.
Microsoft shared this info in a private threat analytics report seen by BleepingComputer and available to customers with Microsoft 365 Defender, Microsoft Defender for Business, or Microsoft Defender for Endpoint Plan 2 subscriptions.
CVE-2023-23397 impacts all supported versions of Microsoft Outlook for Windows but doesn't affect Outlook for Android, iOS, or macOS versions.
Since online services like Outlook on the web and Microsoft 365 do not support NTLM authentication, they are not vulnerable to attacks exploiting this NTLM relay vulnerability.
Microsoft fixes Windows zero-day exploited in ransomware attacks.
Outlook for Mac now free, Microsoft 365 subscription not needed.
News URL
Related news
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |