Microsoft patches bypass for recently fixed Outlook zero-click bug (Security News, May 2023)

Microsoft fixed a security vulnerability this week that could be used by remote attackers to bypass recent patches for a critical Outlook zero-day security flaw abused in the wild.
"All Windows versions are affected by the vulnerability. As a result, all Outlook client versions on Windows are exploitable," Barnea explained.
The Outlook zero-day bug patched in March is a privilege escalation flaw in the Outlook client for Windows that lets attackers obtain NTLM hashes without any user interaction and use them in NTLM-relay attacks.
Threat actors can exploit it by sending messages with extended MAPI properties containing UNC paths to custom notification sounds, causing the Outlook client to connect to SMB shares under their control.
The threat actors used malicious Outlook notes and tasks to steal NTLM hashes by forcing their targets' devices to authenticate to attacker-controlled SMB shares.
Microsoft shares tips on detecting Outlook zero-day exploitation.
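As an added defender-side example (not code from the article, and not Microsoft's own detection script): a small scanner that flags messages whose custom reminder-sound property points at a remote host rather than a local file. It assumes the property is PidLidReminderFileParameter, a constructed trusted-host list, and constructed sample property values.

```python
import re
from typing import Dict, List, Optional

# Extended MAPI property carrying the custom reminder-sound path. The name is not
# on the news page; it is the property Microsoft's detection guidance inspects.
REMINDER_SOUND_PROP = "PidLidReminderFileParameter"
# Hosts this (constructed) tenant treats as internal file servers.
TRUSTED_HOSTS = {"fileserver.corp.example", "10.0.0.5"}

def remote_host(path: str) -> Optional[str]:
    r"""Host a reminder-sound path would make Outlook contact, or None if it is local.
    Accepts \\host\share, //host/share, \\?\UNC\host\share, file://host/share and the
    \\host@port form, which routes the request over WebDAV instead of SMB."""
    p = path.strip().replace("/", "\\")
    if p.lower().startswith("file:"):
        p = "\\\\" + p[5:].lstrip("\\")
    m = re.match(r"^\\\\(?:\?\\unc\\)?([^\\@]+)", p, re.IGNORECASE)
    if not m:
        return None  # plain local path such as C:\Windows\Media\chimes.wav
    host = m.group(1)
    if re.fullmatch(r"[a-z]:", host, re.IGNORECASE):
        return None  # file:///C:/... collapses to a drive letter, still local
    return host

def classify(props: Dict[str, str]) -> Dict[str, Optional[str]]:
    """clean: no remote path; review: path to a known internal host; suspicious: anything else."""
    value = props.get(REMINDER_SOUND_PROP)
    host = remote_host(value) if value else None
    if host is None:
        return {"verdict": "clean", "host": None}
    if host.lower() in TRUSTED_HOSTS:
        return {"verdict": "review", "host": host}
    return {"verdict": "suspicious", "host": host}

# Constructed sample messages (property values only, not real captured mail).
SAMPLE_MESSAGES = [
    {"subject": "Weekly sync", "props": {REMINDER_SOUND_PROP: r"C:\Windows\Media\chimes.wav"}},
    {"subject": "Invoice", "props": {REMINDER_SOUND_PROP: r"\\198.51.100.23\sounds\alert.wav"}},
    {"subject": "Offsite", "props": {REMINDER_SOUND_PROP: r"\\?\UNC\fileserver.corp.example\m\d.wav"}},
    {"subject": "Reminder", "props": {REMINDER_SOUND_PROP: "file://203.0.113.7@80/dav/ping.wav"}},
    {"subject": "No reminder", "props": {}},
]

def scan(messages: List[dict]) -> List[dict]:
    """One finding per message; feed it the properties exported from a mailbox."""
    return [{"subject": m["subject"], **classify(m["props"])} for m in messages]

if __name__ == "__main__":
    for finding in scan(SAMPLE_MESSAGES):
        print(finding)
```

Any "suspicious" hit is worth correlating with outbound 445 or WebDAV connections from the user's workstation at the message's reminder time.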