Security News > 2023 > March > Critical Microsoft Outlook bug PoC shows how easy it is to exploit

Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email.

The issue is a privilege escalation vulnerability with a 9.8 severity rating that affects all versions of Microsoft Outlook on Windows.

"The connection to the remote SMB server sends the user's NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication" - Microsoft.

After reviewing a script from Microsoft that checks Exchange messaging items for signs of exploitation using CVE-2023-23397, MDSec's red team member Dominic Chell discovered how easily a threat actor could leverage the bug.

The researcher also discovered that the PidLidReminderOverride property could be used to make Microsoft Outlook parse a remote, malicious UNC path in the PidLidReminderFileParameter property.

Apart from calendar appointments, an attacker could also use Microsoft Outlook Tasks, Notes, or email messages to steal the hashes.

News URL

https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/