Security News > 2023 > March > Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It's March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild by different threat actors.
"CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. No user interaction is required," Microsoft explained.
"Online services such as Microsoft 365 do not support NTLM authentication and are not vulnerable to being attacked by these messages," Microsoft pointed out.
"Microsoft Threat Intelligence assesses that a Russia-based threat actor used the exploit patched in CVE-2023-23397 in targeted attacks against a limited number of organizations in government, transportation, energy, and military sectors in Europe," the company said, and shared a script that organizations can use to check if they have been among the targets.
The in-the-wild exploitation of the vulnerability was reported to Microsoft by researchers Benoît Sevens and Vlad Stolyarov of the Google's Threat Analysis Group, which spotted it being exploited to deliver the Magniber ransomware.
They also noted that, in September and November 2022, threat actors used a similar SmartScreen bypass vulnerability to deliver the Magniber ransomware and the Qakbot infostealer, before the flaw was patched in December 2022.
News URL
https://www.helpnetsecurity.com/2023/03/14/cve-2023-23397-cve-2023-24880/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Top 3 Ransomware Threats Active in 2025 (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Threat actors are using legitimate Microsoft feature to compromise M365 accounts (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |