Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
2023-03-25 06:13

Microsoft on Friday shared guidance to help customers discover indicators of compromise associated with a recently patched Outlook vulnerability.

Tracked as CVE-2023-23397, the critical flaw is a privilege escalation issue that could be exploited to steal NT LAN Manager (NTLM) hashes and stage a relay attack without requiring any user interaction.

The vulnerability was resolved by Microsoft as part of its Patch Tuesday updates for March 2023, but not before Russia-based threat actors weaponized the flaw in attacks targeting government, transportation, energy, and military sectors in Europe.

"While leveraging NTLMv2 hashes to gain unauthorized access to resources is not a new technique, the exploitation of CVE-2023-23397 is novel and stealthy," Microsoft said.

The disclosure comes as the U.S. Cybersecurity and Infrastructure Security Agency released a new open source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.

Dubbed Untitled Goose Tool, the Python-based utility offers "novel authentication and data gathering methods" to analyze Microsoft Azure, Azure Active Directory, and Microsoft 365 environments, the agency said.


News URL

https://thehackernews.com/2023/03/microsoft-warns-of-stealthy-outlook.html

Related Vulnerability

DATE: 2023-03-14
CVE: CVE-2023-23397
VULNERABILITY TITLE: Microsoft Outlook Elevation of Privilege Vulnerability (Authentication Bypass by Capture-replay vulnerability in Microsoft products)
RISK: critical, 9.8 (network, low complexity; microsoft; CWE-294)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400