Security News > 2023 > March > Critical Microsoft Outlook bug PoC shows how easy it is to exploit

Critical Microsoft Outlook bug PoC shows how easy it is to exploit
2023-03-15 17:00

Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email.

The issue is a privilege escalation vulnerability with a 9.8 severity rating that affects all versions of Microsoft Outlook on Windows.

"The connection to the remote SMB server sends the user's NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication" - Microsoft.

After reviewing a script from Microsoft that checks Exchange messaging items for signs of exploitation using CVE-2023-23397, MDSec's red team member Dominic Chell discovered how easily a threat actor could leverage the bug.

The researcher also discovered that the PidLidReminderOverride property could be used to make Microsoft Outlook parse a remote, malicious UNC path in the PidLidReminderFileParameter property.

Apart from calendar appointments, an attacker could also use Microsoft Outlook Tasks, Notes, or email messages to steal the hashes.


News URL

https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-23397 Authentication Bypass by Capture-replay vulnerability in Microsoft products
Microsoft Outlook Elevation of Privilege Vulnerability
network
low complexity
microsoft CWE-294
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400