Security News > 2023 > March > Critical Microsoft Outlook bug PoC shows how easy it is to exploit
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email.
The issue is a privilege escalation vulnerability with a 9.8 severity rating that affects all versions of Microsoft Outlook on Windows.
"The connection to the remote SMB server sends the user's NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication" - Microsoft.
After reviewing a script from Microsoft that checks Exchange messaging items for signs of exploitation using CVE-2023-23397, MDSec's red team member Dominic Chell discovered how easily a threat actor could leverage the bug.
The researcher also discovered that the PidLidReminderOverride property could be used to make Microsoft Outlook parse a remote, malicious UNC path in the PidLidReminderFileParameter property.
Apart from calendar appointments, an attacker could also use Microsoft Outlook Tasks, Notes, or email messages to steal the hashes.
News URL
Related news
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Microsoft fixes Outlook clients not syncing over Exchange ActiveSync (source)
- Exploit available for new critical TeamCity auth bypass bug, patch now (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- Microsoft warns Gmail blocks some Outlook email as spam, shares fix (source)
- Surveillance by the New Microsoft Outlook App (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft 365 Apps, Office and Outlook Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |