Systems Engineering is aware of the following vulnerability in Microsoft Outlook: Microsoft Outlook Elevation of Privilege Vulnerability, CVE-2023-23397.
Microsoft rates this vulnerability as CRITICAL.
Description
An elevation of privilege vulnerability in the Microsoft Outlook client on Windows devices makes it possible for a remote attacker to obtain a user's Net-NTLMv2 hash. That hash could then be used to attack other services and authenticate as the user. The attack requires no user interaction: it is triggered by sending the user a specially crafted email.
Scope
This vulnerability exists in all currently supported versions of Outlook for Windows. It does not affect Outlook for the web or any versions running on iOS, Android, or Mac.
Course of Action
Systems Engineering recommends installing the appropriate patch as soon as possible. We are actively working with clients to deploy the patch at this time, including automated delivery to our managed patching clients. In our testing of the deployment over the last 24 hours, some users experienced an interruption, such as open files closing or Outlook itself restarting, while others simply received a message that their Outlook client had updated successfully, with no interruption.
For managed patching clients, due to the critical rating of CVE-2023-23397, we are deploying Microsoft KB5002265 and KB5002254 at 4:00 PM EST today, which will require a reboot of the device. End users will be prompted for this activity and can choose a time for the required reboot between 5:00 PM and 9:00 PM this evening.
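Clients who want to confirm the rollout on a given device can use the following check. It is an added example, not a script from Systems Engineering or Microsoft, and it assumes an MSI-based Office install, where the two KB numbers named above appear in the device's Windows Update history (Click-to-Run installs are updated by build number and will not list these KBs, so the check will report them as missing there).

```powershell
# Added verification check (not part of the Systems Engineering notice).
# Confirms whether the two Outlook security updates named above show as
# successfully installed in this device's Windows Update history, and whether
# the reboot the notice mentions is still pending.
# Assumption: MSI-based Office; Click-to-Run installs will not list these KBs.
$RequiredKBs = @('KB5002265', 'KB5002254')

function Get-OutlookPatchStatus {
    param([string[]]$KBs = $RequiredKBs)

    # Windows Update Agent COM API: enumerate the local update history.
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    $history  = if ($count -gt 0) { $searcher.QueryHistory(0, $count) } else { @() }

    foreach ($kb in $KBs) {
        # Operation 1 = Installation, ResultCode 2 = Succeeded (WUA constants).
        $match = $history |
            Where-Object { $_.Title -match $kb -and $_.Operation -eq 1 -and $_.ResultCode -eq 2 } |
            Sort-Object Date -Descending |
            Select-Object -First 1

        [pscustomobject]@{
            KB          = $kb
            Installed   = [bool]$match
            Title       = if ($match) { $match.Title } else { $null }
            InstalledOn = if ($match) { $match.Date } else { $null }
        }
    }
}

function Test-PendingReboot {
    # Flags written by Windows Update / Component Based Servicing when an
    # installed update still needs a restart to be fully applied.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    )
    foreach ($p in $paths) { if (Test-Path $p) { return $true } }
    return $false
}

$status = Get-OutlookPatchStatus
$status | Format-Table -AutoSize
if ($status.Installed -contains $false) {
    Write-Warning "One or more required Outlook updates are missing on $env:COMPUTERNAME."
}
if (Test-PendingReboot) {
    Write-Warning 'A reboot is pending; the update is not fully applied until the device restarts.'
}
```

Run it in an elevated PowerShell session on the device; a device is only considered patched when both KBs show as installed and no reboot is pending.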
We appreciate your partnership and understanding as we all work to close this Microsoft Outlook security flaw. If you have questions or concerns, please contact Systems Engineering via your normal channel and check back here for updates or new information that becomes available.