SECURITY ALERT: Microsoft Outlook vulnerability on Windows devices CVE-2023-23397

Written by Systems Engineering | March 16, 2023

Systems Engineering is aware of the following vulnerability in Microsoft Outlook: Microsoft Outlook Elevation of Privilege Vulnerability, CVE-2023-23397.

Microsoft rates this vulnerability as CRITICAL.

Description

An elevation of privilege vulnerability in the Microsoft Outlook client on Windows devices makes it possible for a remote attacker to obtain a user's Net-NTLMv2 hash. With that hash, an attacker could authenticate to other services as the user. The attack requires no user interaction: sending a specially crafted email to the victim is sufficient.

Scope

This vulnerability exists in all currently supported versions of Outlook for Windows. It does not affect Outlook for the web or any versions running on iOS, Android, or Mac.

Course of Action

Systems Engineering recommends installing the appropriate patch as soon as possible. We are actively working with clients to deploy the patch at this time, including automated delivery to our managed patching clients. In our testing of the deployment over the last 24 hours, some users experienced an interruption, with open files closing or Outlook itself restarting, while others simply received a message that their Outlook client had updated successfully, with no interruption.

For managed patching clients, due to the critical rating of CVE-2023-23397, we are deploying Microsoft KB5002265 and KB5002254 at 4:00 PM EST today. This update requires a reboot of the device. End users will be prompted for this activity and can schedule the required reboot for any time between 5:00 PM and 9:00 PM this evening.

We appreciate your partnership and understanding as we all work to close this Microsoft Outlook security flaw. If you have questions or concerns, please contact Systems Engineering via your normal channel and check back here for updates or new information that becomes available.