The Latest ‘Critical’ Microsoft Outlook Vulnerability: 5 Things To Know

Patch Now

Newly discovered vulnerabilities in software may be a daily occurrence, but some are a bigger problem than others. And by all indications, the zero-day vulnerability in Outlook that Microsoft disclosed earlier this week is a problematic one.


Security researchers say the privilege-elevation vulnerability in Outlook should be prioritized for patching, since the flaw is considered easy to exploit and is, in fact, being actively exploited. “We strongly recommend all customers update Microsoft Outlook for Windows to remain secure,” Microsoft said in a post Tuesday.

However, there’s evidence that even with the patch deployed, the critical-severity vulnerability can still be exploited under certain conditions. Microsoft acknowledged the possibility in a statement to CRN Friday, but noted that the technique for doing so, described by multiple security researchers, “requires an attacker to already have gained access to internal networks.”

The Outlook vulnerability was disclosed by Microsoft on Tuesday and is tracked as CVE-2023-23397. The company reiterated its call for organizations to patch the vulnerability in its statement Friday.

What follows are five things you need to know about the latest critical vulnerability in Microsoft Outlook.

Why It’s A Big Concern

The privilege-elevation vulnerability in Outlook has prompted calls for immediate patching on account of its unique qualities. Namely: “Unlike other exploits we’ve seen in the past, this exploit is particularly dangerous because no user interaction is required to trigger the exploit,” wrote John Hammond, senior security researcher at Huntress, in a blog post Friday. “Once an infected email arrives in a Microsoft Outlook inbox, sensitive credential hashes can be obtained.”

After the threat actor sends the malicious email, they’re able to capture what are known as Net-NTLMv2 hashes, a type of credential that can provide the attacker with authentication within Windows environments, Hammond said. “This allows threat actors to potentially authenticate themselves as the victims, escalate privileges, or further compromise the environment.”


KYLE ALSPACH 

Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security.  He can be reached at [email protected].
